mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 11:16:31 -05:00
Generic OAuth2: Set state: true
The OAuth2 specification RECOMMENDS setting the state to protect against CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to authenticate without the state set. Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
parent
1945a73c11
commit
852868419d
1 changed files with 2 additions and 1 deletions
|
@ -17,7 +17,8 @@ export const OAuth2Middleware: AuthMiddleware = {
|
|||
clientSecret: config.oauth2.clientSecret,
|
||||
callbackURL: config.serverURL + '/auth/oauth2/callback',
|
||||
userProfileURL: config.oauth2.userProfileURL,
|
||||
scope: config.oauth2.scope
|
||||
scope: config.oauth2.scope,
|
||||
state: true
|
||||
}, passportGeneralCallback))
|
||||
|
||||
OAuth2Auth.get('/auth/oauth2', passport.authenticate('oauth2'))
|
||||
|
|
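Review bot: The new `state: true` option at the end of the strategy options makes the OAuth2 login depend on a working session, because passport-oauth2 stores the generated state value in the request session and compares it on the callback. That check only protects against CSRF if the callback route, which is outside this hunk, also goes through `passport.authenticate('oauth2', ...)`, so it is worth confirming. If the session cookie does not come back on the provider's redirect (for example with a strict SameSite setting, or several nodes without a shared session store), the login will fail closed. I would document this with a comment above the option, such as `// state is kept in the session and verified on /auth/oauth2/callback; requires session middleware`. The strategy constructor call begins before the hunk, so the remaining options were not reviewed.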