From 9e797f13b88ca666ca2ca2fd72602a2b4f177b16 Mon Sep 17 00:00:00 2001
From: Piotr Usewicz <piotr@layer22.com>
Date: Mon, 10 Jun 2019 20:21:11 +0200
Subject: [PATCH] allow specifying custom state key-values (#218)

---
 lib/googleauth/web_user_authorizer.rb       | 12 ++++++++----
 spec/googleauth/web_user_authorizer_spec.rb |  6 ++++++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/lib/googleauth/web_user_authorizer.rb b/lib/googleauth/web_user_authorizer.rb
index be6c9d8..3c14ddd 100644
--- a/lib/googleauth/web_user_authorizer.rb
+++ b/lib/googleauth/web_user_authorizer.rb
@@ -154,6 +154,8 @@ module Google
       # @param [String, Array<String>] scope
       #  Authorization scope to request. Overrides the instance scopes if
       #  not nil.
+      # @param [Hash] state
+      #  Optional key-values to be returned to the oauth callback.
       # @return [String]
       #  Authorization url
       def get_authorization_url options = {}
@@ -162,12 +164,14 @@ module Google
         raise NIL_REQUEST_ERROR if request.nil?
         raise NIL_SESSION_ERROR if request.session.nil?
 
+        state = options[:state] || {}
+
         redirect_to = options[:redirect_to] || request.url
         request.session[XSRF_KEY] = SecureRandom.base64
-        options[:state] = MultiJson.dump(
-          SESSION_ID_KEY  => request.session[XSRF_KEY],
-          CURRENT_URI_KEY => redirect_to
-        )
+        options[:state] = MultiJson.dump(state.merge(
+                                           SESSION_ID_KEY  => request.session[XSRF_KEY],
+                                           CURRENT_URI_KEY => redirect_to
+                                         ))
         options[:base_url] = request.url
         super options
       end
diff --git a/spec/googleauth/web_user_authorizer_spec.rb b/spec/googleauth/web_user_authorizer_spec.rb
index 6d299cd..20d4776 100644
--- a/spec/googleauth/web_user_authorizer_spec.rb
+++ b/spec/googleauth/web_user_authorizer_spec.rb
@@ -63,6 +63,12 @@ describe Google::Auth::WebUserAuthorizer do
       )
     end
 
+    it "should allow adding custom state key-value pairs" do
+      url = authorizer.get_authorization_url request: request, state: { james: "bond", kind: 1 }
+      expect(url).to match(%r{%22james%22:%22bond%22})
+      expect(url).to match(%r{%22kind%22:1})
+    end
+
     it "should include request forgery token in state" do
       expect(SecureRandom).to receive(:base64).and_return("aGVsbG8=")
       url = authorizer.get_authorization_url request: request