Allow using customstate

Author: bpedroza

package.json

@@ -1,6 +1,6 @@
 {
   "name": "js-pkce",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "description": "A package that makes using the OAuth2 PKCE flow easier",
   "main": "dist/PKCE.js",
   "types": "dist/PKCE.d.ts",

src/IObject.d.ts

@@ -0,0 +1,3 @@
+export default interface IObject {
+  [key: string]: any;
+}

src/PKCE.ts

@@ -3,6 +3,7 @@ import Base64 from 'crypto-js/enc-base64';
 import WordArray from 'crypto-js/lib-typedarrays';
 import IAuthResponse from './IAuthResponse';
 import IConfig from './IConfig';
+import IObject from './IObject';
 import ITokenResponse from './ITokenResponse';
 
 export default class PKCE {
@@ -23,15 +24,15 @@ export default class PKCE {
    * @param  {object} additionalParams include additional parameters in the query
    * @return Promise<string>
    */
-  public authorizeUrl(additionalParams: object = {}): string {
+  public authorizeUrl(additionalParams: IObject = {}): string {
     const codeChallenge = this.pkceChallengeFromVerifier();
 
     const queryString = new URLSearchParams(
       Object.assign(
         {
           response_type: 'code',
           client_id: this.config.client_id,
-          state: this.getState(),
+          state: this.getState(additionalParams.state || null),
           scope: this.config.requested_scopes,
           redirect_uri: this.config.redirect_uri,
           code_challenge: codeChallenge,
@@ -50,7 +51,7 @@ export default class PKCE {
    * @param  {object} additionalParams include additional parameters in the request body
    * @return {Promise<ITokenResponse>}
    */
-  public exchangeForAccessToken(url: string, additionalParams: object = {}): Promise<ITokenResponse> {
+  public exchangeForAccessToken(url: string, additionalParams: IObject = {}): Promise<ITokenResponse> {
     return this.parseAuthResponseUrl(url).then((q) => {
       return fetch(this.config.token_endpoint, {
         method: 'POST',
@@ -90,9 +91,15 @@ export default class PKCE {
    * Get the current state or generate a new one
    * @return {string}
    */
-  private getState(): string {
+  private getState(explicit: string = null): string {
+    const stateKey = 'pkce_state';
+
+    if (explicit !== null) {
+      sessionStorage.setItem(stateKey, explicit);
+    }
+
     if (this.state === '') {
-      this.state = this.randomStringFromStorage('pkce_state');
+      this.state = this.randomStringFromStorage(stateKey);
     }
 
     return this.state;

tests/PKCE.test.ts

@@ -34,6 +34,14 @@ describe('Test PKCE authorization url', () => {
     expect(url).toContain('&client_id=' + config.client_id);
     expect(url).toContain('&test_param=test');
   });
+
+  it('Should update state from additional params', async () => {
+    const instance = new PKCE(config);
+    const url = instance.authorizeUrl({state: 'Anewteststate'});
+
+    expect(url).toContain('&state=Anewteststate');
+    expect(sessionStorage.getItem('pkce_state')).toEqual('Anewteststate');
+  });
 });
 
 describe('Test PKCE exchange code for token', () => {