Support authorization endpoint that has query parameters, per RFC section 3.1.

Author: jaredhanson

lib/strategy.js

@@ -225,14 +225,23 @@ OAuth2Strategy.prototype.authenticate = function(req, options) {
     var state = options.state;
     if (state) {
       params.state = state;
-      var location = this._oauth2.getAuthorizeUrl(params);
+      
+      var parsed = url.parse(this._oauth2._authorizeUrl, true);
+      utils.merge(parsed.query, params);
+      parsed.query['client_id'] = this._oauth2._clientId;
+      delete parsed.search;
+      var location = url.format(parsed);
       this.redirect(location);
     } else {
       function stored(err, state) {
         if (err) { return self.error(err); }
 
         if (state) { params.state = state; }
-        var location = self._oauth2.getAuthorizeUrl(params);
+        var parsed = url.parse(self._oauth2._authorizeUrl, true);
+        utils.merge(parsed.query, params);
+        parsed.query['client_id'] = self._oauth2._clientId;
+        delete parsed.search;
+        var location = url.format(parsed);
         self.redirect(location);
       }
 

lib/utils.js

@@ -1,3 +1,5 @@
+exports.merge = require('utils-merge');
+
 /**
  * Reconstructs the original URL of the request.
  *

package.json

@@ -33,9 +33,10 @@
   ],
   "main": "./lib",
   "dependencies": {
-    "passport-strategy": "1.x.x",
     "oauth": "0.9.x",
-    "uid2": "0.0.x"
+    "passport-strategy": "1.x.x",
+    "uid2": "0.0.x",
+    "utils-merge": "1.x.x"
   },
   "devDependencies": {
     "make-node": "0.3.x",

test/oauth2.state.session.test.js

@@ -109,6 +109,50 @@ describe('OAuth2Strategy', function() {
 
     }); // issuing authorization request
 
+    describe('issuing authorization request to authorization server using authorization endpoint that has query parameters including state', function() {
+      var strategy = new OAuth2Strategy({
+        authorizationURL: 'https://www.example.com/oauth2/authorize?foo=bar&state=baz',
+        tokenURL: 'https://www.example.com/oauth2/token',
+        clientID: 'ABC123',
+        clientSecret: 'secret',
+        callbackURL: 'https://www.example.net/auth/example/callback',
+        state: true
+      },
+      function(accessToken, refreshToken, profile, done) {});
+      
+      
+      describe('that redirects to service provider', function() {
+        var request, url;
+  
+        before(function(done) {
+          chai.passport.use(strategy)
+            .redirect(function(u) {
+              url = u;
+              done();
+            })
+            .req(function(req) {
+              request = req;
+              req.session = {};
+            })
+            .authenticate();
+        });
+  
+        it('should be redirected', function() {
+          var u = uri.parse(url, true);
+          expect(u.query.foo).equal('bar');
+          expect(u.query.state).to.have.length(24);
+        });
+      
+        it('should save state in session', function() {
+          var u = uri.parse(url, true);
+        
+          expect(request.session['oauth2:www.example.com'].state).to.have.length(24);
+          expect(request.session['oauth2:www.example.com'].state).to.equal(u.query.state);
+        });
+      }); // that redirects to service provider
+      
+    }); // issuing authorization request to authorization server using authorization endpoint that has query parameters including state
+    
     describe('processing response to authorization request', function() {
       var strategy = new OAuth2Strategy({
         authorizationURL: 'https://www.example.com/oauth2/authorize',

test/oauth2.test.js

@@ -361,6 +361,93 @@ describe('OAuth2Strategy', function() {
       });
     }); // that redirects to service provider with relative redirect URI option
 
+    describe('that redirects to authorization server using authorization endpoint that has query parameters with scope option', function() {
+      var strategy = new OAuth2Strategy({
+        authorizationURL: 'https://www.example.com/oauth2/authorize?foo=bar',
+        tokenURL: 'https://www.example.com/oauth2/token',
+        clientID: 'ABC123',
+        clientSecret: 'secret',
+        callbackURL: 'https://www.example.net/auth/example/callback',
+      },
+      function(accessToken, refreshToken, profile, done) {});
+      
+      
+      var url;
+  
+      before(function(done) {
+        chai.passport.use(strategy)
+          .redirect(function(u) {
+            url = u;
+            done();
+          })
+          .req(function(req) {
+          })
+          .authenticate({ scope: 'email' });
+      });
+  
+      it('should be redirected', function() {
+        expect(url).to.equal('https://www.example.com/oauth2/authorize?foo=bar&response_type=code&redirect_uri=https%3A%2F%2Fwww.example.net%2Fauth%2Fexample%2Fcallback&scope=email&client_id=ABC123');
+      });
+    }); // that redirects to authorization server using authorization endpoint that has query parameters with scope option
+    
+    describe('that redirects to authorization server using authorization endpoint that has query parameters including scope with scope option', function() {
+      var strategy = new OAuth2Strategy({
+        authorizationURL: 'https://www.example.com/oauth2/authorize?foo=bar&scope=baz',
+        tokenURL: 'https://www.example.com/oauth2/token',
+        clientID: 'ABC123',
+        clientSecret: 'secret',
+        callbackURL: 'https://www.example.net/auth/example/callback',
+      },
+      function(accessToken, refreshToken, profile, done) {});
+      
+      
+      var url;
+  
+      before(function(done) {
+        chai.passport.use(strategy)
+          .redirect(function(u) {
+            url = u;
+            done();
+          })
+          .req(function(req) {
+          })
+          .authenticate({ scope: 'email' });
+      });
+  
+      it('should be redirected', function() {
+        expect(url).to.equal('https://www.example.com/oauth2/authorize?foo=bar&scope=email&response_type=code&redirect_uri=https%3A%2F%2Fwww.example.net%2Fauth%2Fexample%2Fcallback&client_id=ABC123');
+      });
+    }); // that redirects to authorization server using authorization endpoint that has query parameters including scope with scope option
+    
+    describe('that redirects to authorization server using authorization endpoint that has query parameters including state with state option', function() {
+      var strategy = new OAuth2Strategy({
+        authorizationURL: 'https://www.example.com/oauth2/authorize?foo=bar&state=baz',
+        tokenURL: 'https://www.example.com/oauth2/token',
+        clientID: 'ABC123',
+        clientSecret: 'secret',
+        callbackURL: 'https://www.example.net/auth/example/callback',
+      },
+      function(accessToken, refreshToken, profile, done) {});
+      
+      
+      var url;
+  
+      before(function(done) {
+        chai.passport.use(strategy)
+          .redirect(function(u) {
+            url = u;
+            done();
+          })
+          .req(function(req) {
+          })
+          .authenticate({ state: 'foo123' });
+      });
+  
+      it('should be redirected', function() {
+        expect(url).to.equal('https://www.example.com/oauth2/authorize?foo=bar&state=foo123&response_type=code&redirect_uri=https%3A%2F%2Fwww.example.net%2Fauth%2Fexample%2Fcallback&client_id=ABC123');
+      });
+    }); // that redirects to authorization server using authorization endpoint that has query parameters including state with state option
+    
   }); // issuing authorization request