Merge pull request #615 from KKonstantinov/bugfix/authorization-url-generate-state

OAuth Flow: generate random state parameter in oauth state machine

Author: olaservo

client/src/lib/oauth-state-machine.ts

@@ -113,13 +113,21 @@ export const oauthTransitions: Record<OAuthStep, StateTransition> = {
         scope = metadata.scopes_supported.join(" ");
       }
 
+      // Generate a random state
+      const array = new Uint8Array(32);
+      crypto.getRandomValues(array);
+      const state = Array.from(array, (byte) =>
+        byte.toString(16).padStart(2, "0"),
+      ).join("");
+
       const { authorizationUrl, codeVerifier } = await startAuthorization(
         context.serverUrl,
         {
           metadata,
           clientInformation,
           redirectUrl: context.provider.redirectUrl,
           scope,
+          state: state,
           resource: context.state.resource ?? undefined,
         },
       );