Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(passport): ignore static state and nonce passed to Strategy() #556

Merged
merged 3 commits into from
Jan 20, 2023

Conversation

prust
Copy link
Contributor

@prust prust commented Jan 19, 2023

@panva: As discussed, this pull request ignores static state and nonce values that are passed to the Strategy() (a mis-use of the API). Ignoring them here allows them to be dynamically generated on each authenticate() for flows that require them.

I also documented how to pass dynamic parameters to authenticate() (in a separate commit, daa70a5, in case you aren't interested in this change).

Note that this is a breaking change for users who are mis-using the API in this way if their Authorization Server requires a nonce or state for a flow where the spec does not require it.

Let me know if tests or anything else would be helpful.

docs/README.md Outdated Show resolved Hide resolved
@panva panva changed the title Ignore static state and nonce passed to Strategy() fix(passport): ignore static state and nonce passed to Strategy() Jan 20, 2023
@panva panva merged commit 43daff3 into panva:main Jan 20, 2023
@prust prust deleted the ig-static-state-nonce branch January 20, 2023 15:22
@github-actions github-actions bot locked and limited conversation to collaborators Apr 24, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants