From dcbdec0fcdf0b0241a155c89ae03f63ecba6d395 Mon Sep 17 00:00:00 2001
From: Justin Wind
Date: Sat, 10 Jun 2023 11:45:28 -0700
Subject: [PATCH] generate fresh state uuid instead of lifting from ctx, as requestId is migrated to async local storage in later services
---
 lib/session-manager.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/session-manager.js b/lib/session-manager.js
index 9428203..6af1017 100644
--- a/lib/session-manager.js
+++ b/lib/session-manager.js
@@ -6,6 +6,7 @@
 const { Communication: IndieAuthCommunication } = require('@squeep/indieauth-helper');
 const { MysteryBox } = require('@squeep/mystery-box');
+const { randomUUID } = require('crypto');
 const common = require('./common');
 const Enum = require('./enum');
 const Template = require('./template');
@@ -180,9 +181,10 @@ class SessionManager {
 if (authorizationEndpoint) {
 const pkce = await IndieAuthCommunication.generatePKCE();
+ const state = randomUUID();
 session = {
 authorizationEndpoint: authorizationEndpoint.href,
- state: ctx.requestId,
+ state,
 codeVerifier: pkce.codeVerifier,
 me,
 redirect,
--
2.45.2
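Review bot: The new `const state = randomUUID();` line in the second hunk has no comment saying that `state` is the value the authorization callback is expected to match, so the security reason for generating it independently of the request id lives only in the commit message. I would add `// state binds the authorization response to this login attempt; keep it unpredictable and separate from request ids, which tend to end up in logs` directly above it. `crypto.randomUUID()` draws from the CSPRNG and suits this use, but it requires Node 14.17 or later, which is worth checking against the package's declared engine range (not visible here). The code that compares the returned `state` with the stored session value is outside the hunk, as are the start and end of the enclosing method; presumably a mismatch is rejected there, and that is worth confirming.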