Comments (1)
I also stumbled upon this as it's an official part of the OAuth2 RFC
state
RECOMMENDED. An opaque value used by the client to maintain
state between the request and callback. The authorization
server includes this value when redirecting the user-agent back
to the client. The parameter SHOULD be used for preventing
cross-site request forgery as described in Section 10.12.
This is super handy to keep all kinds of application state like e.g. the url that was accessed prior to starting the authorization. react-oauth2-pkce
provides the preLogin
and postLogin
callbacks where the state can also be stored (e.g. in localstorage) but I guess having support for the state
parameter would be just as good.
from react-oauth2-pkce.
Related Issues (20)
- Bug: Fail to get token from a Spring Security server HOT 2
- Compatibility with ie11 HOT 1
- 💡 [REQUEST] - Add ability to add headers to requests HOT 6
- 💡 [REQUEST] - Scope parameter is not supported on an authorization code access_token exchange request HOT 8
- Bug: Client authentication with confidential access isn't working HOT 6
- Bug: Redirects replace instead of creating a history entry HOT 2
- 💡 [REQUEST] - Parse (refresh) token expiration from token payload HOT 5
- 💡 [REQUEST] - Refresh access token without resetting the refresh token HOT 1
- Bug: "codeVerifier" and "state" are stored in sessionStorage despite "storage" parameter being "local" HOT 4
- Bug: Does not work correctly if routing type is hash HOT 2
- 💡 [Feature] - Ability to send custom headers in the authorization, token requests HOT 6
- 💡 [REQUEST] - Pass extra parameters to login()-function
- 💡 [FEATURE] - Option in login()-function to not redirect, but instead do it in an iframe or popup HOT 1
- 💡 [REQUEST] - Enhance Logout Functionality HOT 2
- 💡 [Feature] - `postLogout`-callback HOT 2
- 💡 [Feature] - Allow for passing arbitrary arguments to `logOut()`
- Bug: codeVerifier is not set in sessionStorage (sometimes) HOT 4
- Bug: Refresh token has a fixed expiration time HOT 1
- /authorized?code complains 404 Not Found HOT 1
- Bug: Token is cleared before Logout HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from react-oauth2-pkce.