diff --git a/CHANGELOG.md b/CHANGELOG.md
index eacd7d3c..d0055069 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
+## [unreleased]
+* Added support for custom state. #336
+
 ## [0.9.10]
 ## Fixed
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
index bac366cf..095b688b 100644
--- a/src/OpenIDConnectClient.php
+++ b/src/OpenIDConnectClient.php
@@ -266,6 +266,11 @@ class OpenIDConnectClient
 */
 private $token_endpoint_auth_methods_supported = ['client_secret_basic'];
+ /**
+ * @var callable function that returns custom state string
+ */
+ private $customStateCallback;
+
 /**
 * @param $provider_url string optional
 *
@@ -792,7 +797,7 @@ private function requestAuthorization() {
 $nonce = $this->setNonce($this->generateRandString());
 // State essentially acts as a session key for OIDC
- $state = $this->setState($this->generateRandString());
+ $state = $this->setState($this->getCustomState() ?: $this->generateRandString());
 $auth_params = array_merge($this->authParams, [
 'response_type' => $response_type,
@@ -1946,6 +1951,28 @@ protected function unsetState() {
 $this->unsetSessionKey('openid_connect_state');
 }
+ /**
+ * Set customStateCallback function which should return string
+ *
+ * @param callable $state
+ * @return void
+ */
+ public function setCustomStateCallback(callable $callback) {
+ $this->customStateCallback = $callback;
+ }
+
+ /**
+ * Get customState (call user defined function which returns string)
+ *
+ * @return string
+ */
+ public function getCustomState() {
+ if (is_callable($this->customStateCallback)) {
+ return call_user_func($this->customStateCallback);
+ }
+ return null;
+ }
+
 /**
 * Stores $codeVerifier
 *
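Review bot: The docblock on `$customStateCallback` declares `@var callable`, but the property has no default and stays null until `setCustomStateCallback()` is called, so it should read `@var callable|null function that returns custom state string`. The same docblock drift appears in the last hunk: `@param callable $state` names a parameter that is actually `$callback`, and `getCustomState()` is tagged `@return string` although it returns `null` when no callback is set, so `@return string|null` is accurate. The class body starts and ends outside this hunk.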
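Review bot: With a callback set, `setState()` now stores whatever the application returns instead of the `generateRandString()` value, and nothing here or in the new docblocks says that value must still be unguessable and unique per request. The comment above the line describes state as the session key for the flow, and the stored value is presumably what the returned `state` is checked against, so a callback that returns a constant or only application data (for example a return path) would weaken that check. I would add a comment such as `// A custom state replaces the random value; the callback must include per-request entropy` and repeat the requirement in the `setCustomStateCallback()` docblock. Note too that `?:` silently falls back to the random string for any falsy return, including `'0'`. requestAuthorization's body continues outside the hunk.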
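Review bot: `getCustomState()` returns the result of `call_user_func()` unchecked, so a callback that returns an array, object or integer flows straight into `setState()` and from there into the authorization request parameters. Rejecting non-strings where the value is produced keeps the failure close to its cause: `$state = call_user_func($this->customStateCallback);` followed by `if (!is_string($state)) { throw new \UnexpectedValueException('Custom state callback must return a string'); }` and `return $state;`. The method is also declared `public` although the only caller visible in this diff is `requestAuthorization()`; if no outside use is intended, `protected` would match `unsetState()` above it.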