fix(state): passing an url with a querystring as the state, e. g. url?x=1

Author: manfredsteyer

projects/lib/src/oauth-service.ts

@@ -1253,7 +1253,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
         const nonce = await this.createAndSaveNonce();
 
         if (state) {
-            state = nonce + this.config.nonceStateSeparator + state;
+            state = nonce + this.config.nonceStateSeparator + encodeURIComponent(state);
         } else {
             state = nonce;
         }
@@ -1461,8 +1461,6 @@ export class OAuthService extends AuthConfig implements OnDestroy {
         }
     }
 
-
-
     private parseQueryString(queryString: string): object {
         if (!queryString || queryString.length === 0) {
             return {};
@@ -1473,8 +1471,6 @@ export class OAuthService extends AuthConfig implements OnDestroy {
         }
 
         return this.urlHelper.parseQueryString(queryString);
-
-
     }
 
     public tryLoginCodeFlow(options: LoginOptions = null): Promise<void> {

projects/sample/src/app/app.component.ts

@@ -27,6 +27,7 @@ export class AppComponent {
     this.oauthService.events
       .pipe(filter(e => e.type === 'token_received'))
       .subscribe(_ => {
+        console.debug('state', this.oauthService.state);
         this.oauthService.loadUserProfile();
       });
 
@@ -57,7 +58,6 @@ export class AppComponent {
     // Optional
     this.oauthService.setupAutomaticSilentRefresh();
 
-
     // Display all events
     this.oauthService.events.subscribe(e => {
       // tslint:disable-next-line:no-console
@@ -70,7 +70,6 @@ export class AppComponent {
         // tslint:disable-next-line:no-console
         console.debug('Your session has been terminated!');
       });
-
   }
 
   // 

projects/sample/src/app/home/home.component.ts

@@ -33,7 +33,7 @@ export class HomeComponent implements OnInit {
     await this.oauthService.loadDiscoveryDocument();
     sessionStorage.setItem('flow', 'implicit');
 
-    this.oauthService.initLoginFlow('/some-state;p1=1;p2=2');
+    this.oauthService.initLoginFlow('/some-state;p1=1;p2=2?p3=3&p4=4');
       // the parameter here is optional. It's passed around and can be used after logging in
   }
 
@@ -56,7 +56,7 @@ export class HomeComponent implements OnInit {
       await this.oauthService.loadDiscoveryDocument();
       sessionStorage.setItem('flow', 'code');
 
-      this.oauthService.initLoginFlow('/some-state;p1=1;p2=2');
+      this.oauthService.initLoginFlow('/some-state;p1=1;p2=2?p3=3&p4=4');
        // the parameter here is optional. It's passed around and can be used after logging in
   }