authorLibravatar tobi <31960611+tsmethurst@users.noreply.github.com>2022-07-28 16:43:27 +0200
committerLibravatar GitHub <noreply@github.com>2022-07-28 16:43:27 +0200
commit8106b6985620956ce8cfa4126143a95ca87ea976 (patch)
tree8536e71042f3ec790c94fd91aa6c955984cf521e /internal/api/model/oauth.go
parent[bugfix] Fix Toot CLI media attachments not working properly (#726) (diff)
[feature] add 'state' oauth2 param to /oauth/authorize (#730)
Diffstat (limited to 'internal/api/model/oauth.go')
-rw-r--r--internal/api/model/oauth.go4
1 files changed, 4 insertions, 0 deletions
diff --git a/internal/api/model/oauth.go b/internal/api/model/oauth.go
index c86e4723e..e6dc0d42c 100644
--- a/internal/api/model/oauth.go
+++ b/internal/api/model/oauth.go
@@ -33,4 +33,8 @@ type OAuthAuthorize struct {
// List of requested OAuth scopes, separated by spaces (or by pluses, if using query parameters).
// Must be a subset of scopes declared during app registration. If not provided, defaults to read.
Scope string `form:"scope" json:"scope"`
+ // State is used by the application to store request-specific data and/or prevent CSRF attacks.
+ // The authorization server must return the unmodified state value back to the application.
+ // See https://www.oauth.com/oauth2-servers/authorization/the-authorization-request/
+ State string `form:"state" json:"state"`
}
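Review bot: The doc comment on the new `State` field explains why the client sends the value, but not how the server has to handle it: it is opaque, client-controlled input that is reflected back in the authorization redirect. I would add a line such as `// Treat as opaque untrusted input: never interpret it, and query-escape it when appending it to the redirect URI.` so the handlers that consume this model do not concatenate it raw into a URL or template. No length bound is visible on the field; the handlers are outside this file-limited view, so it is worth confirming that one of them caps the size before the value is stored in a session or echoed. The `OAuthAuthorize` struct begins above this hunk.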