allow state instead of data for signin/out requests

brockallen · brockallen · commit 2ec78ff5f88e · 2016-10-02T18:09:50.000-04:00
diff --git a/src/OidcClient.js b/src/OidcClient.js
@@ -39,7 +39,11 @@ export default class OidcClient {
     }
 
     createSigninRequest({
-        response_type, scope, redirect_uri, data,
+        response_type, scope, redirect_uri, 
+        // data was meant to be the place a caller could indiate the data to 
+        // have round tripped, but people were getting confused, so i added state (since that matches the spec) 
+        // and so now if data is not passed, but state is then state will be used
+        data, state,
         prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values} = {},
         stateStore
     ) {
@@ -68,15 +72,15 @@ export default class OidcClient {
                 redirect_uri,
                 response_type,
                 scope,
-                data,
+                data: data || state,
                 authority,
                 prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values
             });
 
-            var state = request.state;
+            var signinState = request.state;
             stateStore = stateStore || this._stateStore;
 
-            return stateStore.set(state.id, state.toStorageString()).then(() => {
+            return stateStore.set(signinState.id, signinState.toStorageString()).then(() => {
                 return request;
             });
         });
@@ -107,7 +111,7 @@ export default class OidcClient {
         });
     }
 
-    createSignoutRequest({id_token_hint, data, post_logout_redirect_uri} = {},
+    createSignoutRequest({id_token_hint, data, state, post_logout_redirect_uri} = {},
         stateStore
     ) {
         Log.info("OidcClient.createSignoutRequest");
@@ -126,15 +130,15 @@ export default class OidcClient {
                 url,
                 id_token_hint,
                 post_logout_redirect_uri,
-                data
+                data: data || state
             });
 
-            var state = request.state;
-            if (state) {
+            var signoutState = request.state;
+            if (signoutState) {
                 Log.info("Signout request has state to persist");
 
                 stateStore = stateStore || this._stateStore;
-                stateStore.set(state.id, state.toStorageString());
+                stateStore.set(signoutState.id, signoutState.toStorageString());
             }
 
             return request;
diff --git a/test/unit/OidcClient.spec.js b/test/unit/OidcClient.spec.js
@@ -149,6 +149,43 @@ describe("OidcClient", function () {
             });
         });
 
+        it("should pass state in place of data to SigninRequest", function (done) {
+            stubMetadataService.getAuthorizationEndpointResult = Promise.resolve("http://sts/authorize");
+
+            var p = subject.createSigninRequest({
+                state: 'foo',
+                response_type: 'bar',
+                scope: 'baz',
+                redirect_uri: 'quux',
+                prompt: 'p',
+                display: 'd',
+                max_age: 'm',
+                ui_locales: 'u',
+                id_token_hint: 'ith',
+                login_hint: 'lh',
+                acr_values: 'av'
+            });
+
+            p.then(request => {
+                request.state.data.should.equal('foo');
+
+                var url = request.url;
+                url.should.contain("http://sts/authorize");
+                url.should.contain("response_type=bar");
+                url.should.contain("scope=baz");
+                url.should.contain("redirect_uri=quux");
+                url.should.contain("prompt=p");
+                url.should.contain("display=d");
+                url.should.contain("max_age=m");
+                url.should.contain("ui_locales=u");
+                url.should.contain("id_token_hint=ith");
+                url.should.contain("login_hint=lh");
+                url.should.contain("acr_values=av");
+
+                done();
+            });
+        });
+
         it("should fail if metadata fails", function (done) {
 
             stubMetadataService.getAuthorizationEndpointResult = Promise.reject(new Error("test"));
@@ -242,6 +279,25 @@ describe("OidcClient", function () {
             });
         });
 
+        it("should pass state in place of data to SignoutRequest", function (done) {
+            stubMetadataService.getEndSessionEndpointResult = Promise.resolve("http://sts/signout");
+
+            var p = subject.createSignoutRequest({
+                state: 'foo',
+                post_logout_redirect_uri: "bar",
+                id_token_hint: "baz"
+            });
+
+            p.then(request => {
+                request.state.data.should.equal('foo');
+                var url = request.url;
+                url.should.contain("http://sts/signout");
+                url.should.contain("post_logout_redirect_uri=bar");
+                url.should.contain("id_token_hint=baz");
+                done();
+            });
+        });
+
         it("should pass params to SignoutRequest", function (done) {
             stubMetadataService.getEndSessionEndpointResult = Promise.resolve("http://sts/signout");
 
