From: Justin Wind
Date: Sat, 10 Jun 2023 18:45:28 +0000 (-0700)
Subject: generate fresh state uuid instead of lifting from ctx, as requestId is migrated to...
X-Git-Tag: v1.3.1~4
X-Git-Url: http://git.squeep.com/?p=squeep-authentication-module;a=commitdiff_plain;h=dcbdec0fcdf0b0241a155c89ae03f63ecba6d395

generate fresh state uuid instead of lifting from ctx, as requestId is migrated to async local storage in later services
---
diff --git a/lib/session-manager.js b/lib/session-manager.js
index 9428203..6af1017 100644
--- a/lib/session-manager.js
+++ b/lib/session-manager.js
@@ -6,6 +6,7 @@
 const { Communication: IndieAuthCommunication } = require('@squeep/indieauth-helper');
 const { MysteryBox } = require('@squeep/mystery-box');
+const { randomUUID } = require('crypto');
 const common = require('./common');
 const Enum = require('./enum');
 const Template = require('./template');
@@ -180,9 +181,10 @@ class SessionManager {
 if (authorizationEndpoint) {
 const pkce = await IndieAuthCommunication.generatePKCE();
+ const state = randomUUID();
 session = {
 authorizationEndpoint: authorizationEndpoint.href,
- state: ctx.requestId,
+ state,
 codeVerifier: pkce.codeVerifier,
 me,
 redirect,
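Review bot: The new `const state = randomUUID();` line in the second hunk has no comment saying why the value must be fresh, and the commit message gives only the requestId migration as the reason. `state` is what ties the authorization response back to this login session, so it should stay an unguessable value that is not reused as an identifier anywhere else; a request id is typically written to logs, though that is not visible on this page. I would add above the line `// state: per-login CSRF binding for the authorization redirect; keep it a fresh crypto-random value, never a logged id such as ctx.requestId`. The enclosing method starts and ends outside the hunk, so the comparison of the returned state against the stored one cannot be checked from here.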