feat: use short state for OAuth provider (#2504)

* fix: use fixed length of state * fix: use short state
2025-05-23 02:35:49 +08:00 · 2023-11-19 07:30:29 +08:00 · 2023-11-19 07:30:29 +08:00 · 7786018051
commit 7786018051
parent 6c72f86d03
1 changed files with 1 additions and 1 deletions
--- a/web/src/auth/Provider.js
+++ b/web/src/auth/Provider.js
@ -382,7 +382,7 @@ export function getAuthUrl(application, provider, method) {
  let redirectUri = `${window.location.origin}/callback`;
  const scope = authInfo[provider.type].scope;

-  const isShortState = provider.type === "WeChat" && navigator.userAgent.includes("MicroMessenger");
+  const isShortState = (provider.type === "WeChat" && navigator.userAgent.includes("MicroMessenger")) || (provider.type === "Twitter");
  const state = Util.getStateFromQueryParams(application.name, provider.name, method, isShortState);
  const codeChallenge = "P3S-a7dr8bgM4bF6vOyiKkKETDl16rcAzao9F8UIL1Y"; // SHA256(Base64-URL-encode("casdoor-verifier"))