From 593758a5f75fef69f91ab67a480f8902297d1273 Mon Sep 17 00:00:00 2001
From: "Weps, Tomasz"
Date: Sun, 28 Jan 2018 04:09:42 +0100
Subject: [PATCH 1/3] Added nonceStateSeparator to the configuration.
---
 angular-oauth2-oidc/src/auth.config.ts | 9 ++++++++-
 angular-oauth2-oidc/src/oauth-service.ts | 13 +++----------
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/angular-oauth2-oidc/src/auth.config.ts b/angular-oauth2-oidc/src/auth.config.ts
index bb4d6229..6e935cd3 100644
--- a/angular-oauth2-oidc/src/auth.config.ts
+++ b/angular-oauth2-oidc/src/auth.config.ts
@@ -200,5 +200,12 @@ export class AuthConfig {
 * Normally, the discovey document's url starts with the url of the issuer.
 */
 public skipIssuerCheck? = false;
-
+
+ /*
 * final state sent to issuer is built as follows:
 * state = nonce + nonceStateSeparator + additional state
 * Default separator is ';' (encoded %3B).
 * In rare cases, this character might be forbidden or inconvenient to use by the issuer so it can be customized.
 */
 public nonceStateSeparator = ';';
 }
diff --git a/angular-oauth2-oidc/src/oauth-service.ts b/angular-oauth2-oidc/src/oauth-service.ts
index 17847937..8ea8327d 100644
--- a/angular-oauth2-oidc/src/oauth-service.ts
+++ b/angular-oauth2-oidc/src/oauth-service.ts
@@ -923,7 +923,7 @@ export class OAuthService
 return this.createAndSaveNonce().then((nonce: any) => {
 if (state) {
- state = nonce + ';' + state;
+ state = nonce + this.config.nonceStateSeparator + state;
 } else {
 state = nonce;
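Review bot: The new nonceStateSeparator comment in the auth.config.ts hunk omits the two constraints the service relies on: the callback handler splits the returned state on the first occurrence of this value and treats everything before it as the nonce, so the separator must be non-empty and must not be a string that can occur in the value produced by `createAndSaveNonce`. With an empty string `state.indexOf('')` is 0, the extracted nonce is `''` and `validateNonceForAccessToken` can never succeed; with a character the nonce generator can emit, the split lands inside the nonce with the same result. I would add to the comment `* Must be non-empty and must not occur in the generated nonce: the callback splits the returned state on its first occurrence.` and note that the value has to be the same at login time and at callback time, since the stored nonce is compared with the part cut off at the callback.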
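Review bot: The changed line `state = nonce + this.config.nonceStateSeparator + state;` is the right place to fail fast, but nothing here checks that the configured separator is usable before the user is redirected; a misconfiguration (empty separator, or one that appears in `nonce`) only surfaces later at the callback as an unexplained nonce mismatch. I would reject it up front, e.g. `const sep = this.config.nonceStateSeparator;` / `if (!sep || nonce.indexOf(sep) > -1) throw new Error('nonceStateSeparator must be non-empty and must not occur in the nonce');`. The enclosing method starts and ends outside the hunk.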
@@ -1125,19 +1125,12 @@ export class OAuthService
 }
 let nonceInState = state;
- let idx = state.indexOf(';');
+ let idx = state.indexOf(this.config.nonceStateSeparator);
 if ( idx > -1) {
 nonceInState = state.substr(0, idx);
- this.state = state.substr(idx+1);
+ this.state = state.substr(idx + this.config.nonceStateSeparator.length);
 }
- /*
- let stateParts = state.split(';');
- if (stateParts.length > 1) {
- this.state = stateParts[1];
- }
- */
- // let nonceInState = stateParts[0];
 if (this.requestAccessToken && !options.disableOAuth2StateCheck) {
 let success = this.validateNonceForAccessToken(accessToken, nonceInState);
From 3be82b041d7da1ff398af7b6ab5591f69da97ffd Mon Sep 17 00:00:00 2001
From: "Weps, Tomasz"
Date: Sun, 28 Jan 2018 04:44:51 +0100
Subject: [PATCH 2/3] State extracting when error occurs
---
 angular-oauth2-oidc/src/oauth-service.ts | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/angular-oauth2-oidc/src/oauth-service.ts b/angular-oauth2-oidc/src/oauth-service.ts
index 8ea8327d..060232ba 100644
--- a/angular-oauth2-oidc/src/oauth-service.ts
+++ b/angular-oauth2-oidc/src/oauth-service.ts
@@ -1096,6 +1096,16 @@ export class OAuthService
 this.debug('parsed url', parts);
+ let state = decodeURIComponent(parts['state']);
+ let nonceInState = state;
+ let idx = state.indexOf(this.config.nonceStateSeparator);
+
+ if ( idx > -1) {
+ nonceInState = state.substr(0, idx);
+ this.state = state.substr(idx + this.config.nonceStateSeparator.length);
+ }
+
+
 if (parts['error']) {
 this.debug('error trying to login');
 this.handleLoginError(options, parts);
@@ -1105,8 +1115,7 @@ export class OAuthService
 }
 let accessToken = parts['access_token'];
- let idToken = parts['id_token'];
- let state = decodeURIComponent(parts['state']);
+ let idToken = parts['id_token'];
 let sessionState = parts['session_state'];
 if (!this.requestAccessToken && !this.oidc) {
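Review bot: The new `state.indexOf(this.config.nonceStateSeparator)` and the `.length` offset two lines below have no guard for an empty or missing separator: `indexOf('')` is 0, so `nonceInState` becomes `''` and `this.state` receives the whole state including the nonce, and `.length` on an undefined separator throws before the nonce check is reached. I would read the separator once and skip the split when it is unusable, `const sep = this.config.nonceStateSeparator;` / `let idx = sep ? state.indexOf(sep) : -1;`, which also stops the config value being read twice. Note that `this.state` is assigned from the callback URL here before `validateNonceForAccessToken` runs, and that call is itself conditional on `requestAccessToken` and `disableOAuth2StateCheck` in the last context lines, so consumers should not treat `this.state` as verified (for instance as a post-login redirect target) unless that check has passed. The enclosing method starts and ends outside the hunk.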
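Review bot: Moving `let state = decodeURIComponent(parts['state']);` above the `parts['error']` branch means a malformed percent-encoding in the state of an error callback now throws a URIError out of this method before `handleLoginError` runs, whereas previously the error branch ran first; a callback with no state parameter also yields the literal string `'undefined'`, because `decodeURIComponent(undefined)` coerces its argument. On the error path nothing compares `nonceInState` with the stored nonce (the `validateNonceForAccessToken` call sits further down the method, after the error branch), so `this.state` is populated from an unverified URL whenever the provider, or anyone who can navigate the browser to the redirect URI with `error=...`, supplies one. I would decode defensively, `const rawState = parts['state'];` / `let state = rawState ? decodeURIComponent(rawState) : '';`, catch a URIError and route it through the same failed-login handling as the error branch, and add a comment above the split saying that on the error path `this.state` has not been checked against the stored nonce. The enclosing method starts and ends outside the hunk.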
@@ -1124,13 +1133,6 @@ export class OAuthService
 + 'does not contain a session_state claim');
 }
- let nonceInState = state;
- let idx = state.indexOf(this.config.nonceStateSeparator);
-
- if ( idx > -1) {
- nonceInState = state.substr(0, idx);
- this.state = state.substr(idx + this.config.nonceStateSeparator.length);
- }
 if (this.requestAccessToken && !options.disableOAuth2StateCheck) {
 let success = this.validateNonceForAccessToken(accessToken, nonceInState);
From 9647559c44f772f1fd164a6d484dc4833202fcd6 Mon Sep 17 00:00:00 2001
From: "Weps, Tomasz"
Date: Mon, 29 Jan 2018 10:35:00 +0100
Subject: [PATCH 3/3] Configuration, nonceStateSeparator paramter as an optional parameter.
---
 angular-oauth2-oidc/src/auth.config.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/angular-oauth2-oidc/src/auth.config.ts b/angular-oauth2-oidc/src/auth.config.ts
index 6e935cd3..c80e7c33 100644
--- a/angular-oauth2-oidc/src/auth.config.ts
+++ b/angular-oauth2-oidc/src/auth.config.ts
@@ -207,5 +207,5 @@ export class AuthConfig {
 * Default separator is ';' (encoded %3B).
 * In rare cases, this character might be forbidden or inconvenient to use by the issuer so it can be customized.
 */
- public nonceStateSeparator = ';';
+ public nonceStateSeparator? = ';';
 }
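Review bot: Making `nonceStateSeparator` optional on the changed line widens its type to `string | undefined`, but the service reads it unguarded as `state.indexOf(this.config.nonceStateSeparator)` and `this.config.nonceStateSeparator.length` in the oauth-service.ts hunks earlier in this series. The initializer still applies to instances created with `new AuthConfig()`, but if a consumer can hand in a plain object that omits the field (how `configure` merges the config is not visible here), `indexOf(undefined)` searches for the text `undefined` and `.length` throws at callback time. I would either keep the property required or apply the default at the use site, `const sep = this.config.nonceStateSeparator || ';';`, and state in this comment that an omitted or empty value falls back to `';'`.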