Skip to content

Commit

Permalink
Add option to avoid redirect_state parameter. Refs #386
Browse files Browse the repository at this point in the history
  • Loading branch information
@omab
omab committed Jul 5, 2012
1 parent 7ede350 commit 2abd25b
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
6 changes: 5 additions & 1 deletion social_auth/backends/__init__.py
View file
Expand Up @@ -660,14 +660,18 @@ class BaseOAuth2(BaseOAuth):
RESPONSE_TYPE = 'code'
SCOPE_VAR_NAME = None
DEFAULT_SCOPE = None
REDIRECT_STATE = True

def state_token(self):
"""Generate csrf token to include as state parameter."""
return get_random_string(32)

def get_redirect_uri(self, state):
"""Build redirect_uri with redirect_state parameter."""
return url_add_parameters(self.redirect_uri, {'redirect_state': state})
uri = self.redirect_uri
if self.REDIRECT_STATE:
uri = url_add_parameters(uri, {'redirect_state': state})
return uri

def auth_url(self):
"""Return redirect url"""
Expand Down
1 change: 1 addition & 0 deletions social_auth/backends/google.py
View file
Expand Up @@ -195,6 +195,7 @@ class GoogleOAuth2(BaseOAuth2):
SETTINGS_SECRET_NAME = 'GOOGLE_OAUTH2_CLIENT_SECRET'
SCOPE_VAR_NAME = 'GOOGLE_OAUTH_EXTRA_SCOPE'
DEFAULT_SCOPE = GOOGLE_OAUTH2_SCOPE
REDIRECT_STATE = False

def user_data(self, access_token, *args, **kwargs):
"""Return user data from Google API"""
Expand Down

0 comments on commit 2abd25b

Please sign in to comment.