X-Git-Url: http://git.squeep.com/?p=squeep-authentication-module;a=blobdiff_plain;f=lib%2Fsession-manager.js;h=6af1017ad6c1d6a5bdfc3c7ca53fdb3d72e239ca;hp=9428203a9619243355f35fb0950f826b7b7db118;hb=dcbdec0fcdf0b0241a155c89ae03f63ecba6d395;hpb=6557437fcef1d780b54e39ab93e07a6be36e4447

diff --git a/lib/session-manager.js b/lib/session-manager.js
index 9428203..6af1017 100644
--- a/lib/session-manager.js
+++ b/lib/session-manager.js
@@ -6,6 +6,7 @@
 
 const { Communication: IndieAuthCommunication } = require('@squeep/indieauth-helper');
 const { MysteryBox } = require('@squeep/mystery-box');
+const { randomUUID } = require('crypto');
 const common = require('./common');
 const Enum = require('./enum');
 const Template = require('./template');
@@ -180,9 +181,10 @@ class SessionManager {
       if (authorizationEndpoint) {
         const pkce = await IndieAuthCommunication.generatePKCE();
 
+        const state = randomUUID();
         session = {
           authorizationEndpoint: authorizationEndpoint.href,
-          state: ctx.requestId,
+          state,
           codeVerifier: pkce.codeVerifier,
           me,
           redirect,