Skip to content

State improvements #224

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
May 9, 2018
Merged

State improvements #224

merged 4 commits into from
May 9, 2018

Conversation

TomWeps
Copy link

@TomWeps TomWeps commented Jan 28, 2018

In the pull request two main changes are proposed:

State Separator
In the library, the semicolon character is always used as a separator between nonce and additional state.
There is a bug in the Microsoft Azure B2C web page, the state parameter cannot contain semicolon character (encoded %3B).
Step to reproduce:

Although it seems to be a Microsoft’s bug, still it would nice to have a possibility to customize this separator. This special character was already problematic once: #61

Getting additional state value when an error occurs (oauth failed).
The additional state value is extracted only for successful flow.
Some SPA might be interested to get state value even when an error occurs (it depends of the business logic in the application). I’m proposing to do the state parsing few lines earlier.

* Default separator is ';' (encoded %3B).
* In rare cases, this character might be forbidden or inconvenient to use by the issuer so it can be customized.
*/
public nonceStateSeparator = ';';
Copy link

@vdyalex vdyalex Jan 28, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should be optional to the user. However, it needs a default value. Consider using nonceStateSeparator?= ';'

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thx @alexndreazevedo, good point. It is changed.

@TomWeps
Copy link
Author

TomWeps commented Feb 2, 2018

@manfredsteyer Are there some chances to include those fixes soon?
I noticed, that none of the pull requests since December hasn’t been accepted yet.

@manfredsteyer manfredsteyer merged commit fcd0f8b into manfredsteyer:master May 9, 2018
@manfredsteyer
Copy link
Owner

Thx!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants