Sending specific state while calling passport.authenticate

[kinjalkparmar]

Hi All,

I am sending a particular state parameter with the authenticate call as below. But that state is changed to a random string. How do I send a specific state and retrieve it after the callback url is called. Basically what I want is, I have couple of parameters based on which I will redirect to different routes. those i am trying to pass as state parameters, but they are changed to some random string and they are lost. How do I retrieve them. Thanks.

passport.authenticate('oidc', { state: JSON.stringify({ tab: 'placement' }) })

const passport = require('passport');
const OidcStrategy = require('passport-openidconnect').Strategy;

app.use(
session({
secret: crypto.randomBytes(64).toString('hex').substring(0, 20),
resave: true,
saveUninitialized: true,
})
);
app.use(passport.initialize());
app.use(passport.session());
passport.use(
'oidc',
new OidcStrategy(
{
issuer: 'xxxx',
authorizationURL: 'xxxx',
tokenURL: 'xxxx',
userInfoURL: 'xxxx',
clientID: 'xxxx',
clientSecret: 'xxxxx',
callbackURL: 'xxxxx',
scope: 'profile groups',
nonce: crypto
.randomBytes(64)
.toString('hex')
.substring(0, 20),
},
(issuer, sub, profile, accessToken, refreshToken, params, done) => {

  return done(null, profile);
}

)
);
app.use('/login',passport.authenticate('oidc', { state: JSON.stringify({ tab: 'placement' }) }) )`

[josephmulholland]

I've got the exact same issue. It appears that regardless of what is passed through in the options parameter of the .authenticate() call, the state parameter is ignored and randomly generated by the library:

https://github.com/jaredhanson/passport-openidconnect/blob/master/lib/state/session.js#L42

[newmanw]

Same issue here. Is it possible to use the StateStore in conjunction w/ other state params that app might need to round trip?

[revington]

got same issue while trying to implement the solution provided in this comment jaredhanson/passport-oauth2#96 (comment)

[navidkpr]

Got the same issue trying to use custom state

[sreelalkm]

Any updates ?

[Desocode]

I have the same issue

[mdelnegro-lennd]

Same!

[scarfunk]

any update?

[mrclicky]

got same issue while trying to implement the solution provided in this comment jaredhanson/passport-oauth2#96 (comment)

I just struggled with this and found that the data is actually passed back but is listed under the property authInfo.

So the given callback request post authentication middleware looks like this:

try {
  const { state } = req.authInfo;   // <----------- THIS PROPERTY IS NOT 'query' but 'authInfo'
  const { returnTo } = JSON.parse(Buffer.from(state, 'base64').toString());
  if (typeof returnTo === 'string' && returnTo.startsWith('/')) {
	return res.redirect(returnTo)
  }
} catch {
  // just redirect normally below
}

[kumarchandresh]

I was also lost in finding the state query param.

Going to leave this article written by @jaredhanson as a reference:
https://medium.com/passportjs/application-state-in-oauth-2-0-1d94379164e