refactor: use nanoid for state generation
pooya parsa committed May 23, 2019
1 parent b730203 commit 162bc54
Showing 2 changed files with 4 additions and 6 deletions.
2 changes: 0 additions & 2 deletions lib/core/utilities.js
Expand Up @@ -25,8 +25,6 @@ export const encodeQuery = queryObject => {
.join('&')
}

export const randomString = () => (process.client ? btoa(Math.random() + '') : Buffer.from(Math.random() + '').toString('base64')).replace('==', '')

export const routeOption = (route, key, value) => {
return route.matched.some(m => {
if (process.client) {
8 changes: 4 additions & 4 deletions lib/schemes/oauth2.js
Expand Up @@ -72,10 +72,10 @@ export default class Oauth2Scheme {
redirect_uri: this._redirectURI,
scope: this._scope,
// Note: The primary reason for using the state parameter is to mitigate CSRF attacks.
// @see: https://auth0.com/docs/protocols/oauth2/oauth-state
state: this.options.state || randomString(),
...params,
};
// https://auth0.com/docs/protocols/oauth2/oauth-state
state: nanoid(),
...params
}

if (this.options.audience) {
opts.audience = this.options.audience
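Review bot: The new `state: nanoid()` line drops the `this.options.state ||` fallback that the old line had, so a configured `state` option is silently ignored from this commit on even though it is labelled a refactor; if that is intended (a fixed state value gives no CSRF protection), the commit message should say so. The generated value is still followed by `...params`, so a `state` key in `params` replaces it, and whatever is persisted for the callback comparison has to be the final `opts.state` rather than the generated one. The import is outside the hunk, so confirm it is the default `nanoid` entry and not `nanoid/non-secure`; a comment above the line such as `// state must be unpredictable and unique per request: default nanoid entry, not nanoid/non-secure` would record why. The enclosing method starts and ends outside this hunk, so how the state is stored and checked on return could not be reviewed here.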
