add state param

SerKnight · SerKnight · commit 3dc83bbdee71 · 2020-12-21T15:56:14.000-07:00
diff --git a/README.md b/README.md
@@ -61,7 +61,8 @@ creds = {
   client_id: ENV['CLIENT_ID'],
   client_secret: ENV['CLIENT_SECRET'],
   redirect_uri: ENV['REDIRECT_URI'],
-  scopes: ENV['SCOPES']
+  scopes: ENV['SCOPES'],
+  state: "this-can-be-a-custom-state-parameter" # optional
 }
 xero_client ||= XeroRuby::ApiClient.new(credentials: creds)
 ```
@@ -86,6 +87,9 @@ In your callback route catch, calling `get_token_set_from_callback` will exchang
 token_set = xero_client.get_token_set_from_callback(params)
 
 # save token_set JSON in a datastore in relation to the user authentication
+
+puts params['state']
+=> "this-can-be-a-custom-state-parameter"
 ```
 
 ## Making API calls once you have a token_set
diff --git a/lib/xero-ruby/api_client.rb b/lib/xero-ruby/api_client.rb
@@ -34,6 +34,7 @@ def initialize(config: Configuration.default, credentials: {})
       @client_secret = credentials[:client_secret]
       @redirect_uri = credentials[:redirect_uri]
       @scopes = credentials[:scopes]
+      @state = credentials[:state]
       @config = config
       @user_agent = "xero-ruby-#{VERSION}"
       @default_headers = {
@@ -43,7 +44,7 @@ def initialize(config: Configuration.default, credentials: {})
     end
 
     def authorization_url
-      url = "#{@config.login_url}?response_type=code&client_id=#{@client_id}&redirect_uri=#{@redirect_uri}&scope=#{@scopes}"
+      url = "#{@config.login_url}?response_type=code&client_id=#{@client_id}&redirect_uri=#{@redirect_uri}&scope=#{@scopes}&state=#{@state}"
       return url
     end
 
diff --git a/spec/api_client_spec.rb b/spec/api_client_spec.rb
@@ -2,7 +2,7 @@
 
 describe XeroRuby::ApiClient do
   context 'initialization' do
-    context 'URL stuff' do
+    context 'URL config' do
       context 'host' do
         it 'removes http from host' do
           XeroRuby.configure { |c| c.host = 'http://example.com' }
@@ -36,6 +36,20 @@
           expect(XeroRuby::Configuration.default.base_path).to eq('')
         end
       end
+
+      context "creates a valid authorization_url" do
+        it "passes through attributes" do
+          creds = {
+            client_id: 'abc',
+            client_secret: '123',
+            redirect_uri: 'https://mydomain.com/callback',
+            scopes: 'openid profile email accounting.transactions accounting.settings',
+            state: 'i-am-customer-state'
+          }
+          api_client = XeroRuby::ApiClient.new(credentials: creds)
+          expect(api_client.authorization_url).to eq('https://login.xero.com/identity/connect/authorize?response_type=code&client_id=abc&redirect_uri=https://mydomain.com/callback&scope=openid profile email accounting.transactions accounting.settings&state=i-am-customer-state')
+        end
+      end
     end
   end
 
