From 11fef51e2dff76c9cad44f7689e5736633c8f295 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Fri, 18 Aug 2023 15:18:04 +0300
Subject: [PATCH] fix(op): omit empty state from code flow redirect

Add test cases to reproduce the original bug, and it's resolution.

closes #415
---
 pkg/op/auth_request.go      | 8 ++++----
 pkg/op/auth_request_test.go | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg/op/auth_request.go b/pkg/op/auth_request.go
index c264605..5621951 100644
--- a/pkg/op/auth_request.go
+++ b/pkg/op/auth_request.go
@@ -448,11 +448,11 @@ func AuthResponseCode(w http.ResponseWriter, r *http.Request, authReq AuthReques
 		return
 	}
 	codeResponse := struct {
-		code  string
-		state string
+		Code  string `schema:"code"`
+		State string `schema:"state,omitempty"`
 	}{
-		code:  code,
-		state: authReq.GetState(),
+		Code:  code,
+		State: authReq.GetState(),
 	}
 	callback, err := AuthResponseURL(authReq.GetRedirectURI(), authReq.GetResponseType(), authReq.GetResponseMode(), &codeResponse, authorizer.Encoder())
 	if err != nil {
diff --git a/pkg/op/auth_request_test.go b/pkg/op/auth_request_test.go
index b812701..1fadffc 100644
--- a/pkg/op/auth_request_test.go
+++ b/pkg/op/auth_request_test.go
@@ -1026,7 +1026,7 @@ func TestAuthResponseCode(t *testing.T) {
 			},
 			res: res{
 				wantCode:           http.StatusFound,
-				wantLocationHeader: "/auth/callback/?code=id1&state=",
+				wantLocationHeader: "/auth/callback/?code=id1&state=state1",
 				wantBody:           "",
 			},
 		},
@@ -1051,7 +1051,7 @@ func TestAuthResponseCode(t *testing.T) {
 			},
 			res: res{
 				wantCode:           http.StatusFound,
-				wantLocationHeader: "/auth/callback/?code=id1&state=state1",
+				wantLocationHeader: "/auth/callback/?code=id1",
 				wantBody:           "",
 			},
 		},