From 95202393426bbea48bd9646ed9f4ef120a14451e Mon Sep 17 00:00:00 2001
From: "Yamaguchi.Tomoki"
Date: Fri, 15 Jul 2016 19:08:10 +0900
Subject: [PATCH] Add state_length option to specify the legth of state parameter
---
 lib/omniauth/strategies/oauth2.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/omniauth/strategies/oauth2.rb b/lib/omniauth/strategies/oauth2.rb
index 3ffff1b..0d878c4 100644
--- a/lib/omniauth/strategies/oauth2.rb
+++ b/lib/omniauth/strategies/oauth2.rb
@@ -29,6 +29,7 @@ def self.inherited(subclass)
 option :token_options, []
 option :auth_token_params, {}
 option :provider_ignores_state, false
+ option :state_length, 48
 attr_accessor :access_token
@@ -49,7 +50,8 @@ def request_phase
 end
 def authorize_params
- options.authorize_params[:state] = SecureRandom.hex(24)
+ state_length = options[:state_length]
+ options.authorize_params[:state] = SecureRandom.hex(state_length / 2 + 1)[0...state_length]
 params = options.authorize_params.merge(options_for("authorize"))
 if OmniAuth.config.test_mode
 @env ||= {}
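Review bot: `state_length` is read in `authorize_params` with no lower bound or type check, so a configured `0`, a small number, or `nil` silently weakens or breaks the `state` value, which is this flow's CSRF token. The default of 48 hex characters keeps the previous entropy (24 random bytes), but each hex character carries only 4 bits, so a length of 8 leaves just 32 bits. I would validate before use, e.g. `raise ArgumentError, "state_length must be an Integer >= 32" unless state_length.is_a?(Integer) && state_length >= 32`, and add a comment next to `option :state_length, 48` in the first hunk saying the unit is hex characters, not bytes. `SecureRandom.hex((state_length + 1) / 2)[0...state_length]` would also avoid drawing an extra byte for even lengths. The body of `authorize_params` continues past the end of the hunk.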