From 87b4d0f7657df83ba25a9d4ab23b878dc3324b86 Mon Sep 17 00:00:00 2001 From: Erez Rokah Date: Mon, 2 Dec 2019 18:52:12 +0200 Subject: [PATCH] fix: pass auth type in authURL to be used in identity widget (#2920) --- packages/netlify-cms-lib-auth/src/implicit-oauth.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/packages/netlify-cms-lib-auth/src/implicit-oauth.js b/packages/netlify-cms-lib-auth/src/implicit-oauth.js index a4518aea..5bb1bf9a 100644 --- a/packages/netlify-cms-lib-auth/src/implicit-oauth.js +++ b/packages/netlify-cms-lib-auth/src/implicit-oauth.js @@ -41,7 +41,9 @@ export default class ImplicitAuthenticator { authURL.searchParams.set('redirect_uri', document.location.origin + document.location.pathname); authURL.searchParams.set('response_type', 'token'); authURL.searchParams.set('scope', options.scope); - authURL.searchParams.set('state', createNonce()); + + const state = JSON.stringify({ auth_type: 'implicit', nonce: createNonce() }); + authURL.searchParams.set('state', state); document.location.assign(authURL.href); } @@ -59,7 +61,8 @@ export default class ImplicitAuthenticator { const params = Map(hashParams.entries()); - const validNonce = validateNonce(params.get('state')); + const { nonce } = JSON.parse(params.get('state')); + const validNonce = validateNonce(nonce); if (!validNonce) { return cb(new Error('Invalid nonce')); }