apply patch suggested in clojusc#36 to prevent infinite redirects

CHANGELOG.md

@@ -1,3 +1,7 @@
+## Changelog 0.1.3 -> 0.1.4
+
+* apply patch suggested in https://github.com/ddellacosta/friend-oauth2/issues/36 to prevent infinite redirects
+
 ## Changelog 0.1.0 -> 0.1.1
 
 * (this time for reals) adds credential-fn for injecting your own functionality in the post-3rd-party-authentication stage. Thanks go to Kevin Lynagh (https://github.com/lynaghk) for this feature.

project.clj

@@ -1,4 +1,4 @@
-(defproject friend-oauth2 "0.1.3"
+(defproject vita-io/friend-oauth2 "0.1.4"
   :description "OAuth2 workflow for Friend (https://github.com/cemerick/friend). (Bug reports/contributions welcome!)"
   :url "https://github.com/ddellacosta/friend-oauth2"
   :license {:name "MIT License"

src/friend_oauth2/util.clj

@@ -37,8 +37,7 @@
 (defn extract-anti-forgery-token
   "Extracts the anti-csrf state key from the response"
   [{session :session}]
-  (if-let [pairs (first (filter #(= (second %1) "state") session))]
-    (-> pairs first name)))
+  (:state session))
 
 (defn generate-anti-forgery-token
   "Generates random string for anti-forgery-token."

src/friend_oauth2/workflow.clj

@@ -35,7 +35,7 @@
   "Redirects user to OAuth2 provider. Code should be in response."
   [{:keys [uri-config]} request]
   (let [anti-forgery-token    (util/generate-anti-forgery-token)
-        session-with-af-token (assoc (:session request) (keyword anti-forgery-token) "state")]
+        session-with-af-token (assoc (:session request) :state anti-forgery-token)]
     (-> uri-config
         (util/format-authn-uri anti-forgery-token)
         ring.util.response/redirect
@@ -59,7 +59,7 @@
               (vary-meta auth-map merge {::friend/workflow :oauth2
                                          ::friend/redirect-on-auth? true
                                          :type ::friend/auth})))
-         
+
           (let [auth-error-fn (:auth-error-fn config)]
             (if (and error auth-error-fn)
               (auth-error-fn error)