refactor: use nanoid for state generation

nuxt-community · May 23, 2019 · 162bc54 · 162bc54
1 parent b730203
commit 162bc54
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 6 deletions.
diff --git a/lib/core/utilities.js b/lib/core/utilities.js
@@ -25,8 +25,6 @@ export const encodeQuery = queryObject => {
     .join('&')
 }
 
-export const randomString = () => (process.client ? btoa(Math.random() + '') : Buffer.from(Math.random() + '').toString('base64')).replace('==', '')
-
 export const routeOption = (route, key, value) => {
   return route.matched.some(m => {
     if (process.client) {

diff --git a/lib/schemes/oauth2.js b/lib/schemes/oauth2.js
@@ -72,10 +72,10 @@ export default class Oauth2Scheme {
       redirect_uri: this._redirectURI,
       scope: this._scope,
       // Note: The primary reason for using the state parameter is to mitigate CSRF attacks.
-      // @see: https://auth0.com/docs/protocols/oauth2/oauth-state
-      state: this.options.state || randomString(),
-      ...params,
-    };
+      // https://auth0.com/docs/protocols/oauth2/oauth-state
+      state: nanoid(),
+      ...params
+    }
 
     if (this.options.audience) {
       opts.audience = this.options.audience