Skip to content

docs: fix state parameter type documentation to match implementation #327

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nicknisi merged 1 commit into from
Oct 29, 2025
Merged

docs: fix state parameter type documentation to match implementation #327

nicknisi merged 1 commit into from
Oct 29, 2025

Conversation

@nicknisi
Copy link
Member

@nicknisi nicknisi commented Oct 28, 2025
edited
Loading

Summary

Fixes #326

The state parameter in getSignInUrl/getSignUpUrl is implemented as a string (matching OAuth 2.0 RFC 6749 specification), but the documentation showed examples using object literals without JSON serialization. This created a mismatch between what the docs promised and what actually works.

Changes

Updated all documentation examples to show explicit serialization:

  1. Type documentation (line 141): Changed from Record<string, any> | undefined to string | undefined with parsing note
  2. Early callback example (lines 103-105): Added JSON.parse(state) before accessing properties
  3. Inline sign-in example (lines 227-232): Added JSON.stringify() around state object
  4. Full "Passing Custom State" section (lines 405-445):
    • Updated intro to explain state is a string per OAuth spec
    • Added JSON.stringify() to all examples
    • Added JSON.parse() with null checks in callbacks
    • Added RFC 6749 reference explaining why serialization is manual

Why This Approach

The implementation correctly follows OAuth 2.0 RFC 6749, which defines state as an "opaque string". Keeping it as a string gives users control over serialization format (JSON, base64, encrypted tokens, etc.) and matches the WorkOS SDK interface.

@nicknisi
docs: fix state parameter type documentation to match implementation
f66f3c5 
The state parameter in getSignInUrl/getSignUpUrl is implemented as a
string (matching OAuth 2.0 RFC 6749 specification), but the documentation
showed examples using object literals without JSON serialization.

This commit updates all documentation examples to:
- Show explicit JSON.stringify() when passing state objects
- Show explicit JSON.parse() when reading state in callbacks
- Update the type table to reflect string | undefined instead of Record<string, any>
- Add a note explaining that state is an opaque string per OAuth 2.0 spec

Fixes #326
@nicknisi nicknisi requested a review from a team as a code owner October 28, 2025 16:38
@nicknisi nicknisi requested a review from gcarvelli October 28, 2025 16:38
@nicknisi nicknisi mentioned this pull request Oct 28, 2025
Closed
@nicknisi nicknisi requested a review from stacurry October 28, 2025 20:39
@nicknisi nicknisi merged commit cfaef3f into main Oct 29, 2025
4 checks passed
@nicknisi nicknisi deleted the fix/state-parameter-docs branch October 29, 2025 22:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stacurry stacurry stacurry approved these changes

@gcarvelli gcarvelli Awaiting requested review from gcarvelli gcarvelli is a code owner automatically assigned from workos/typescript

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

getSignInUrl state type doesn't align with the docs

3 participants

@nicknisi @stacurry