#19 make use of state parameter

nomjs · May 21, 2016 · 61eb995 · 61eb995
1 parent ce318a7
commit 61eb995
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/src/modules/oauth-github.js b/src/modules/oauth-github.js
@@ -18,15 +18,16 @@ class OauthGithub extends Module {
     this.requestPromise = requestPromise;
   }
 
-  login(sessionCode, clientId, clientSecret) {
+  login(sessionCode, state, clientId, clientSecret) {
     let options = {
       method: 'POST',
       uri: 'https://github.com/login/oauth/access_token',
       json: true,
       body: {
         'client_id': clientId,
         'client_secret': clientSecret,
-        'code': sessionCode
+        'code': sessionCode,
+        'state': state
       }
     };
     return new Promise((resolve, reject) => {

diff --git a/src/resources/oauth/github.js b/src/resources/oauth/github.js
@@ -12,8 +12,8 @@ class GithubResource extends Resource {
   }
 
   getAll(ctx) {
-    // TODO should also include "state"
     let sessionCode = ctx.query.code;
+    let state = ctx.query.state;
     let clientId = this.params.get('github oauth client id');
     let clientSecret = this.params.get('github oauth client secret');
 
@@ -26,7 +26,7 @@ class GithubResource extends Resource {
         scope: "user:email"
       }
      */
-    return this.oauthGithub.login(sessionCode, clientId, clientSecret)
+    return this.oauthGithub.login(sessionCode, state, clientId, clientSecret)
       .then((response) => {
         this.log.debug(`Received user access token with scope: ${response.scope}`);
         // TODO: Store response.access_token in session