From 8106b6985620956ce8cfa4126143a95ca87ea976 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Thu, 28 Jul 2022 16:43:27 +0200
Subject: [feature] add 'state' oauth2 param to /oauth/authorize (#730)
---
 internal/api/model/oauth.go | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'internal/api/model/oauth.go')
diff --git a/internal/api/model/oauth.go b/internal/api/model/oauth.go
index c86e4723e..e6dc0d42c 100644
--- a/internal/api/model/oauth.go
+++ b/internal/api/model/oauth.go
@@ -33,4 +33,8 @@ type OAuthAuthorize struct {
 // List of requested OAuth scopes, separated by spaces (or by pluses, if using query parameters).
 // Must be a subset of scopes declared during app registration. If not provided, defaults to read.
 Scope string `form:"scope" json:"scope"`
+ // State is used by the application to store request-specific data and/or prevent CSRF attacks.
+ // The authorization server must return the unmodified state value back to the application.
+ // See https://www.oauth.com/oauth2-servers/authorization/the-authorization-request/
+ State string `form:"state" json:"state"`
 }
--
cgit v1.2.3
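Review bot: The new `State` field on `OAuthAuthorize` is bound from the request with only `form`/`json` tags and no visible length or format constraint, and its comment says only that the value must be returned unmodified. Because the value is client-supplied and is presumably appended to the redirect URI by a handler outside this hunk, the comment should state the handling contract, e.g. `// Opaque, client-supplied and optional: treat as untrusted, query-escape it when building the redirect URI, and never interpret it server-side.` It is also worth noting in the comment that the CSRF protection depends on the client generating an unguessable per-request value and comparing it on return; the server merely echoes it. The struct definition starts above the hunk, so any validation tags on the other fields are not visible here.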