marc/scotty
1
0
Fork 0
mirror of https://git.sr.ht/~phw/scotty synced 2025-04-25 05:47:57 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

auth: generate oauth2 state randomly

Browse source
This commit is contained in:
Philipp Wolfer 2023-11-28 17:58:52 +01:00
parent 4bf0f2c81d
commit b169dd2cc4
No known key found for this signature in database
GPG key ID: 8FDF744D4919943B
2 changed files with 35 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
cmd/auth.go
View file

@ -50,7 +50,7 @@ var authCmd = &cobra.Command{
// https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-22.html#name-countermeasures-6
verifier := oauth2.GenerateVerifier()
state := "somestate" // FIXME: Should be a random string
state := auth.RandomState()
// Redirect user to consent page to ask for permission specified scopes.
authUrl := strategy.AuthCodeURL(verifier, state)