From 566b570d94d3dd9382cecd70626010f95b88221e Mon Sep 17 00:00:00 2001
From: David Schmitt <david.schmitt@overmind.tech>
Date: Tue, 27 Jun 2023 11:40:35 +0200
Subject: [PATCH] Replace static oauth state token with random generated

---
 cmd/request.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/cmd/request.go b/cmd/request.go
index cac37e60..584e648f 100644
--- a/cmd/request.go
+++ b/cmd/request.go
@@ -28,9 +28,6 @@ import (
 	"nhooyr.io/websocket/wspb"
 )
 
-// The value here doesn't matter as long as the server can send it back to us
-const oAuthStateString = "98723nd98273d28ydg279"
-
 // requestCmd represents the start command
 var requestCmd = &cobra.Command{
 	Use:   "request",
@@ -103,6 +100,8 @@ func Request(signals chan os.Signal, ready chan bool) int {
 			}
 
 			tokenChan := make(chan *oauth2.Token, 1)
+			// create a random token for this exchange
+			oAuthStateString := uuid.New().String()
 
 			// Start the web server to listen for the callback
 			handler := func(w http.ResponseWriter, r *http.Request) {