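--- a/<PATH NOT SHOWN ON PAGE>
+++ b/<PATH NOT SHOWN ON PAGE>
@@ -341,6 +341,8 @@ async def get_login_redirect(
 response = RedirectResponse(login_uri, 303)
 if self.uses_pkce:
     response.set_cookie("pkce_code_verifier", str(self._pkce_code_verifier))
+if state is not None:
+    response.set_cookie("sso_state", state)
 return response
 
 @overload
@@ -402,6 +404,14 @@ async def verify_and_process(
 )
 raise SSOLoginError(400, "'code' parameter was not found in callback request")
 self._state = request.query_params.get("state")
+if self._state is None and self.requires_state:
+    raise SSOLoginError(400, "'state' parameter was not found in callback request")
+if self._state is not None:
+    sso_state = request.cookies.get("sso_state")
+    if sso_state is None and self.requires_state:
+        raise SSOLoginError(401, "State cookie not found")
+    if sso_state is not None and sso_state != self._state:
+        raise SSOLoginError(401, "Invalid state")
 pkce_code_verifier: Optional[str] = None
 if self.uses_pkce:
     pkce_code_verifier = request.cookies.get("pkce_code_verifier")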
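Review bot: The state cookie written in the first hunk, `response.set_cookie("sso_state", state)`, is set without any protective attributes, so under Starlette's defaults (httponly=False, secure=False) it is readable from page script and transmitted over plain HTTP, even though it is the only thing binding the callback to the browser that started the login; it should be written as `response.set_cookie("sso_state", state, httponly=True, secure=True, samesite="lax", max_age=<login-timeout-seconds>)`, and the pkce_code_verifier cookie on the line above deserves the same attributes. In the second hunk the check `if sso_state is not None and sso_state != self._state:` compares the two values with `!=`; `not hmac.compare_digest(sso_state, self._state)` makes the comparison constant-time at no cost (hmac is stdlib and would need an import at the top of the file, which is outside this view). The cookie is not cleared once it has been compared, so a stale value keeps being presented on later callbacks; verify_and_process continues past line 417, so that may already happen further down, but if not, `response.delete_cookie("sso_state")` belongs on the success and failure paths. Finally, when requires_state is False a callback that carries a state but no matching cookie passes unverified, which reads as deliberate opt-in behaviour but is worth a one-line comment such as `# state is only enforced when requires_state is set; otherwise a missing cookie is tolerated`. Both get_login_redirect and verify_and_process start outside their hunks.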