From f345ddd0c599da0bccb3b1c87c7233102e8c1b5e Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Fri, 17 Jun 2022 09:33:30 +0200
Subject: [PATCH] fix: add state in access token response (implicit flow)
---
 pkg/oidc/token.go | 1 +
 pkg/op/token.go | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/pkg/oidc/token.go b/pkg/oidc/token.go
index c621c78..29d502e 100644
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@@ -396,6 +396,7 @@ type AccessTokenResponse struct {
 RefreshToken string `json:"refresh_token,omitempty" schema:"refresh_token,omitempty"`
 ExpiresIn uint64 `json:"expires_in,omitempty" schema:"expires_in,omitempty"`
 IDToken string `json:"id_token,omitempty" schema:"id_token,omitempty"`
+ State string `json:"state,omitempty" schema:"state,omitempty"`
 }
 type JWTProfileAssertionClaims interface {
diff --git a/pkg/op/token.go b/pkg/op/token.go
index 3ca2d7a..68e19d7 100644
--- a/pkg/op/token.go
+++ b/pkg/op/token.go
@@ -35,11 +35,13 @@ func CreateTokenResponse(ctx context.Context, request IDTokenRequest, client Cli
 return nil, err
 }
+ var state string
 if authRequest, ok := request.(AuthRequest); ok {
 err = creator.Storage().DeleteAuthRequest(ctx, authRequest.GetID())
 if err != nil {
 return nil, err
 }
+ state = authRequest.GetState()
 }
 exp := uint64(validity.Seconds())
@@ -49,6 +51,7 @@ func CreateTokenResponse(ctx context.Context, request IDTokenRequest, client Cli
 RefreshToken: newRefreshToken,
 TokenType: oidc.BearerToken,
 ExpiresIn: exp,
+ State: state,
 }, nil
 }
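Review bot: The added `State` field in `AccessTokenResponse` has no doc comment, and nothing on the struct says which responses are meant to carry it. Because it has both a `json` and a `schema` tag, any caller that sets it will emit it in every serialization of the struct, so the intended scope should be written down, for example `// State is the client's state value from the authorization request, echoed unchanged (RFC 6749 section 4.2.2); intended for implicit-flow responses.` Clients compare this value to bind the response to their own request, so it has to remain an opaque, unmodified copy. The struct begins above the hunk.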
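Review bot: In `CreateTokenResponse`, `state` is filled for every request that satisfies `AuthRequest`, not only for the implicit flow named in the commit title. If this function is also reached from a code-exchange path with an `AuthRequest` (not visible in these hunks), the value would additionally appear in the JSON token response, which RFC 6749 section 5.1 does not define; either restrict the assignment to the implicit-flow case or record the intent above the declaration, e.g. `// state is copied verbatim from the auth request so the client can match the response to its request`. The last hunk of this file copies the value into the response unchanged, which is what the client-side state check relies on. The diffstat shows no test file, so a test asserting that the response state equals the request state byte for byte would be worth adding. The function starts and ends outside both hunks.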