TykTechnologies · Emoe · Jul 9, 2019
diff --git a/main.go b/main.go
@@ -17,6 +17,7 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 	tmplVal["ClientID"] = r.FormValue("client_id")
 	tmplVal["ResponseType"] = r.FormValue("response_type")
 	tmplVal["RedirectURI"] = r.FormValue("redirect_uri")
+	tmplVal["State"] = r.FormValue("state")
 
 	t, _ := template.ParseFiles("tmpl/login.html")
 	t.Execute(w, tmplVal)
@@ -26,9 +27,10 @@ func approvedHandler(w http.ResponseWriter, r *http.Request) {
 	var redirect_uri = r.FormValue("redirect_uri")
 	var responseType = r.FormValue("response_type")
 	var clientId = r.FormValue("client_id")
+	var State = r.FormValue("state")
 
 	thisResponse, rErr := RequestOAuthToken(APIlistenPath,
-		redirect_uri, responseType, clientId, "", orgID, policyID, BaseAPIID)
+		redirect_uri, responseType, clientId, "", orgID, policyID, BaseAPIID, State)
 
 	if rErr != nil {
 		log.Error(rErr)

diff --git a/tmpl/index.html b/tmpl/index.html
@@ -22,6 +22,7 @@ <h2>1. Third Party Requester (Client)</h2>
       <input type="hidden" class="form-control" id="response_type" name="response_type" value="token">
       <input type="hidden" class="form-control" id="client_id" name="client_id" value="16076d969bc745ec7018dd4343fac83b">
       <input type="hidden" class="form-control" id="redirect_uri" name="redirect_uri" value="http://localhost:8000/final">
+      <input type="hidden" class="form-control" id="state" name="state" value="1234567890">
     <button type="submit" class="btn btn-default">Start OAuth</button>
   </form>
 </div>

diff --git a/tmpl/login.html b/tmpl/login.html
@@ -22,6 +22,7 @@ <h2>Login Form (Your identity portal)</h2>
       <li>Client ID: {{.ClientID}}</li>
       <li>Redirect URL: {{.RedirectURI}}</li>
       <li>Response Type: {{.ResponseType}}</li>
+      <li>State: {{.State}}</li>
     </ul>
   </p>
   <p>
@@ -39,6 +40,7 @@ <h2>Login Form (Your identity portal)</h2>
     <input type="hidden" class="form-control" id="response_type" name="response_type" value="{{.ResponseType}}">
       <input type="hidden" class="form-control" id="client_id" name="client_id" value="{{.ClientID}}">
       <input type="hidden" class="form-control" id="redirect_uri" name="redirect_uri" value="{{.RedirectURI}}">
+      <input type="hidden" class="form-control" id="state" name="state" value="{{.State}}">
     <button type="submit" class="btn btn-default">Login</button>
   </form>
 </div>

diff --git a/util.go b/util.go
@@ -156,7 +156,7 @@ func DispatchGateway(target Endpoint, method string, body io.Reader, ctype strin
 	return retBody, nil
 }
 
-func RequestOAuthToken(APIlistenPath, redirect_uri, responseType, clientId, secret, orgID, policyID, BaseAPIID string) (*OAuthResponse, error) {
+func RequestOAuthToken(APIlistenPath, redirect_uri, responseType, clientId, secret, orgID, policyID, BaseAPIID, state string) (*OAuthResponse, error) {
 	// Create a generic access token withour policy
 	basicSessionState := generateBasicTykSesion(BaseAPIID, "Default", policyID, orgID)
 	basicSessionState.OauthClientID = clientId
@@ -177,6 +177,7 @@ func RequestOAuthToken(APIlistenPath, redirect_uri, responseType, clientId, secr
 	data := "response_type=" + responseType
 	data += "&client_id=" + clientId
 	data += "&redirect_uri=" + redirect_uri
+	date += "&state=" + state
 	data += "&key_rules=" + url.QueryEscape(string(keyDataJSON))
 
 	log.Debug("Request data sent: ", data)