feat: add support for pcke state

monerium · Dec 15, 2023 · 741c581 · 741c581
1 parent 9d4f0dd
commit 741c581
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/libs/sdk/src/client.ts b/libs/sdk/src/client.ts
@@ -48,7 +48,7 @@ export class MoneriumClient {
 
   #authorizationHeader?: string;
   /**
-   * @deprecated, use sessionStorage
+   * @deprecated, use sessionStorage, will be removed in v3
    * The PKCE code verifier
    * */
   codeVerifier?: string;
@@ -63,6 +63,8 @@ export class MoneriumClient {
 
   #client?: BearerTokenCredentials;
 
+  state: string | undefined;
+
   /** Constructor for no arguments, defaults to sandbox */
   constructor();
   /** Constructor with only env as an argument*/
@@ -128,6 +130,7 @@ export class MoneriumClient {
       address: client?.address,
       signature: client?.signature,
       chainId: client?.chainId,
+      state: client?.state,
     });
 
     // Redirect to the authFlow
@@ -172,13 +175,16 @@ export class MoneriumClient {
     const authCode =
       new URLSearchParams(window.location.search).get('code') || undefined;
 
+    const state =
+      new URLSearchParams(window.location.search).get('state') || undefined;
+
     const refreshToken =
       sessionStorage.getItem(STORAGE_REFRESH_TOKEN) || undefined;
 
     if (refreshToken) {
       await this.#refreshTokenAuthorization(clientId, refreshToken);
     } else if (authCode) {
-      await this.#authCodeAuthorization(clientId, redirectUrl, authCode);
+      await this.#authCodeAuthorization(clientId, redirectUrl, authCode, state);
     }
 
     return !!this.bearerProfile;
@@ -378,17 +384,20 @@ export class MoneriumClient {
   #authCodeAuthorization = async (
     clientId: string,
     redirectUrl: string,
-    authCode: string
+    authCode: string,
+    state?: string
   ) => {
     const codeVerifier = sessionStorage.getItem(STORAGE_CODE_VERIFIER) || '';
 
     if (!codeVerifier) {
       throw new Error('Code verifier not found');
     }
 
-    /** @deprecated, use sessionStorage */
+    /** @deprecated, use sessionStorage, will be removed in v3 */
     this.codeVerifier = codeVerifier;
 
+    this.state = state;
+
     sessionStorage.removeItem(STORAGE_CODE_VERIFIER);
     // Remove auth code from URL.
     return await this.#grantAccess({

diff --git a/libs/sdk/src/types.ts b/libs/sdk/src/types.ts
@@ -484,6 +484,7 @@ export type AuthFlowOptions = {
   address?: string;
   signature?: string;
   chainId?: ChainId;
+  state?: string;
 };
 
 export type ClientCredentials = {