From 7786018051b5808f7187b5ff74d1971d5f611db8 Mon Sep 17 00:00:00 2001
From: Jiankun Yang <110372666+0xyjk@users.noreply.github.com>
Date: Sun, 19 Nov 2023 07:30:29 +0800
Subject: [PATCH] feat: use short state for OAuth provider (#2504)
* fix: use fixed length of state
* fix: use short state
---
 web/src/auth/Provider.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/src/auth/Provider.js b/web/src/auth/Provider.js
index 99718840..7e77637e 100644
--- a/web/src/auth/Provider.js
+++ b/web/src/auth/Provider.js
@@ -382,7 +382,7 @@ export function getAuthUrl(application, provider, method) {
  let redirectUri = `${window.location.origin}/callback`;
  const scope = authInfo[provider.type].scope;
- const isShortState = provider.type === "WeChat" && navigator.userAgent.includes("MicroMessenger");
+ const isShortState = (provider.type === "WeChat" && navigator.userAgent.includes("MicroMessenger")) || (provider.type === "Twitter");
  const state = Util.getStateFromQueryParams(application.name, provider.name, method, isShortState);
  const codeChallenge = "P3S-a7dr8bgM4bF6vOyiKkKETDl16rcAzao9F8UIL1Y"; // SHA256(Base64-URL-encode("casdoor-verifier"))
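Review bot: The widened `isShortState` condition does not say why Twitter needs the short form, and it puts every Twitter login on a `state` path that previously ran only inside the WeChat in-app browser. `Util.getStateFromQueryParams` is not visible in this hunk, so please confirm that its short variant still produces an unguessable, per-request value that the callback checks. `state` is what binds the OAuth response to the browser session that started the flow, so a fixed or predictable short value would weaken the CSRF protection on `/callback`. I would add a comment above the line, for example `// Twitter rejects long state values, so use the short form (#2504)` if that is indeed the reason, and drop the redundant parentheses around `provider.type === "Twitter"`. The body of getAuthUrl starts and continues outside the hunk.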