
Commit afa0a96

committed
feat: Bring back state
1 parent c5c09f1 commit afa0a96


3 files changed

+10
-6
lines changed

3 files changed

+10
-6
lines changed

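--- a/src/LinkedIn.tsx
+++ b/src/LinkedIn.tsx
@@ -7,6 +7,7 @@ export function LinkedIn({
 clientId,
 onSuccess,
 onError,
+state,
 scope,
 closePopupMessage,
 }: LinkedInType) {
@@ -15,6 +16,7 @@ export function LinkedIn({
 clientId,
 onSuccess,
 onError,
+state,
 scope,
 closePopupMessage,
 });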

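--- a/src/types.ts
+++ b/src/types.ts
@@ -9,6 +9,7 @@ export interface useLinkedInType {
 error: string;
 errorMessage: string;
 }) => void;
+state?: string;
 scope?: string;
 closePopupMessage?: string;
 }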
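Review bot: The new optional `state` field in `useLinkedInType` is undocumented, and its security role is not obvious from the name alone. In src/useLinkedIn.tsx the value is stored under `LINKEDIN_OAUTH2_STATE` and compared with `event.data.state` as the CSRF check, so a caller-supplied value takes the place of the random one. I would add a TSDoc comment above the field, for example `/** OAuth2 state used for the CSRF check on return; if set, it must be unguessable and unique per login attempt. Leave unset to have one generated. */`. The interface begins above this hunk.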

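--- a/src/useLinkedIn.tsx
+++ b/src/useLinkedIn.tsx
@@ -25,26 +25,27 @@ export function useLinkedIn({
 onSuccess,
 onError,
 scope = 'r_emailaddress',
+state = '',
 closePopupMessage = 'User closed the popup',
 }: useLinkedInType) {
 const popupRef = useRef<Window>(null);
 const popUpIntervalRef = useRef<number>(null);
 
 const receiveMessage = useCallback(
 (event: MessageEvent) => {
-const state = localStorage.getItem(LINKEDIN_OAUTH2_STATE);
+const savedState = localStorage.getItem(LINKEDIN_OAUTH2_STATE);
 if (event.origin === window.location.origin) {
 if (event.data.errorMessage && event.data.from === 'Linked In') {
 // Prevent CSRF attack by testing state
-if (event.data.state !== state) {
+if (event.data.state !== savedState) {
 popupRef.current && popupRef.current.close();
 return;
 }
 onError && onError(event.data);
 popupRef.current && popupRef.current.close();
 } else if (event.data.code && event.data.from === 'Linked In') {
 // Prevent CSRF attack by testing state
-if (event.data.state !== state) {
+if (event.data.state !== savedState) {
 console.error('State does not match');
 popupRef.current && popupRef.current.close();
 return;
@@ -81,9 +82,9 @@ export function useLinkedIn({
 
 const getUrl = () => {
 const scopeParam = `&scope=${encodeURI(scope)}`;
-const state = generateRandomString();
-localStorage.setItem(LINKEDIN_OAUTH2_STATE, state);
-const linkedInAuthLink = `https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=${clientId}&redirect_uri=${redirectUri}${scopeParam}&state=${state}`;
+const generatedState = state || generateRandomString();
+localStorage.setItem(LINKEDIN_OAUTH2_STATE, generatedState);
+const linkedInAuthLink = `https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=${clientId}&redirect_uri=${redirectUri}${scopeParam}&state=${generatedState}`;
 return linkedInAuthLink;
 };
 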
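Review bot: In `getUrl`, a caller-supplied `state` is now interpolated into the authorization URL unencoded, so a value containing `&`, `#` or `=` would alter the query string; the random value used before presumably contained no such characters. I would encode it at the point of use, `&state=${encodeURIComponent(generatedState)}`, and confirm that the callback page decodes the returned value before `receiveMessage` compares it with `savedState`. Separately, `state || generateRandomString()` means a fixed string passed by the caller is reused for every login, which reduces the state check to a comparison against a constant. The name `generatedState` hides that case, so a neutral name such as `oauthState` plus a comment stating the per-request requirement would be clearer. Both `receiveMessage` and `useLinkedIn` continue outside the hunks shown.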
