Issue with State Parameter in node-red-contrib-oauth2 #78

 - Update package.json and src/locales/en-US/oauth2.json
 - Add "state" field to src/oauth2.html
 - Update src/oauth2.js to include "state" in the request parameters.

package.json

@@ -1,9 +1,15 @@
 {
   "name": "node-red-contrib-oauth2",
-  "version": "5.0.4",
+  "version": "5.0.5",
   "description": "The node-red-contrib-oauth2 is a Node-RED node that provides an OAuth2 authentication flow. This node uses the OAuth2 protocol to obtain an access token, which can be used to make authenticated API requests.",
   "author": "Marcos Caputo <caputo.marcos@gmail.com>",
-  "contributors": ["Michael Sommer <github@neuronetix.de>"],
+  "contributors": [
+    "Nariyuki Saito <toshincompos@gmail.com>",
+    "Michael Sommer <github@neuronetix.de>",
+    "Emanuel Miron",
+    "serotonie",
+    "deosrc"
+  ],
   "license": "MIT License",
   "homepage": "https://github.com/caputomarcos/node-red-contrib-oauth2#readme",
   "repository": {

src/locales/en-US/oauth2.json

@@ -15,6 +15,7 @@
       "client_secret": "Client Secret",
       "scope": "Scope",
       "resource": "Resource",
+      "state": "State",
       "rejectUnauthorized": "The rejectUnauthorized parameter controls SSL/TLS certificate validation for the server, with true enforcing validation and false disabling it.",
       "rejectUnauthorized_label": "Reject Unauthorized",
       "client_credentials_in_body": "Ensure that the client credentials are included in the token request body for authentication purposes.",
@@ -36,6 +37,7 @@
       "client_secret": "5621bd4b5a8b09ed31817efb8d54fda2c72bfc1c6968cd4563d83f7cc26f68f6",
       "scope": "scope",
       "resource": "resource",
+      "state": "state",
       "rejectUnauthorized": "rejectUnauthorized",
       "headers": "headers"
     },

src/oauth2.html

@@ -61,7 +61,12 @@
     <div class="form-row" id="node-resource">
       <label for="node-input-resource"><i class="fa fa-code fa-fw"></i> <span data-i18n="oauth2.label.resource"></span></label>
       <input type="text" id="node-input-resource" data-i18n="[placeholder]oauth2.placeholder.resource" style="width:70%;" />
-    </div>
+  </div>
+   <!-- node-state -->
+   <div class="form-row" id="node-state">
+    <label for="node-input-state"><i class="fa fa-code fa-fw"></i> <span data-i18n="oauth2.label.state"></span></label>
+    <input type="text" id="node-input-state" data-i18n="[placeholder]oauth2.placeholder.state" style="width:70%;" />
+  </div> 
   <!-- node-open_authentication -->
   <div class="form-row" id="node-open_authentication">
     <label for="node-input-open_authentication"><i class="fa fa-sign-in fa-fw"></i> <span data-i18n="oauth2.label.open_authentication"></span></label>
@@ -158,6 +163,7 @@
         client_secret: { value: '' },
         scope: { value: '' },
         resource: { value: ''},
+        state: { value: '' },
         proxy: {
           type: 'http proxy',
           required: false,
@@ -219,6 +225,7 @@
             $('#node-client_secret').hide();
             $('#node-scope').hide();
             $('#node-resource').hide();
+            $('#node-state').hide();
             $('#node-rejectUnauthorized').show();
             $('#node-client_credentials_in_body').show();
           } else if ($('#node-input-grant_type').val() === 'client_credentials') {
@@ -231,6 +238,7 @@
             $('#node-client_secret').show();
             $('#node-scope').show();
             $('#node-resource').show();
+            $('#node-state').show();
             $('#node-rejectUnauthorized').show();
             $('#node-client_credentials_in_body').show();
           } else if ($('#node-input-grant_type').val() === 'password') {
@@ -243,6 +251,7 @@
             $('#node-client_secret').show();
             $('#node-scope').show();
             $('#node-resource').show();
+            $('#node-state').show();
             $('#node-rejectUnauthorized').show();
             $('#node-client_credentials_in_body').show();
           } else if ($('#node-input-grant_type').val() === 'authorization_code') {
@@ -255,6 +264,7 @@
             $('#node-client_secret').show();
             $('#node-scope').show();
             $('#node-resource').show();
+            $('#node-state').show();
             $('#node-rejectUnauthorized').show();
             $('#node-client_credentials_in_body').show();
           }
@@ -277,19 +287,23 @@
           const clientId = $('#node-input-client_id').val();
           const clientSecret = $('#node-input-client_secret').val();
           const proxy = $('#node-input-proxy').val();
+
           var scope = $('#node-input-scope').val();
           scope = scope.replace(/\n/g, '%20');
 
           var resource = $('#node-input-resource').val();
           resource = resource.replace(/\n/g, '%20');
 
+          var state = $('#node-input-state').val();
+          state = state.replace(/\n/g, '%20');
+
           var url;
           if (authorizationEndpoint) {
-            url = `oauth2/auth?id=${encodeURIComponent(id)}&clientId=${encodeURIComponent(clientId)}&clientSecret=${encodeURIComponent(clientSecret)}&scope=${encodeURIComponent(scope)}&resource=${encodeURIComponent(resource)}&callback=${encodeURIComponent(
+            url = `oauth2/auth?id=${encodeURIComponent(id)}&clientId=${encodeURIComponent(clientId)}&clientSecret=${encodeURIComponent(clientSecret)}&scope=${encodeURIComponent(scope)}&state=${encodeURIComponent(state)}&resource=${encodeURIComponent(resource)}&callback=${encodeURIComponent(
               callback
             )}&authorizationEndpoint=${encodeURIComponent(authorizationEndpoint)}&redirectUri=${encodeURIComponent(redirectUri)}&proxy=${encodeURIComponent(proxy)}`;
           } else {
-            url = `oauth2/auth?id=${encodeURIComponent(id)}&clientId=${encodeURIComponent(clientId)}&clientSecret=${encodeURIComponent(clientSecret)}&scope=${encodeURIComponent(scope)}&resource=${encodeURIComponent(resource)}&callback=${encodeURIComponent(
+            url = `oauth2/auth?id=${encodeURIComponent(id)}&clientId=${encodeURIComponent(clientId)}&clientSecret=${encodeURIComponent(clientSecret)}&scope=${encodeURIComponent(scope)}&state=${encodeURIComponent(state)}&resource=${encodeURIComponent(resource)}&callback=${encodeURIComponent(
               callback
             )}&proxy=${encodeURIComponent(proxy)}`;
           }

src/oauth2.js

@@ -57,6 +57,7 @@ module.exports = function (RED) {
       this.client_secret = oauth2Node.client_secret || '';
       this.scope = oauth2Node.scope || '';
       this.resource = oauth2Node.resource || '';
+      this.state = oauth2Node.state || '';
       this.rejectUnauthorized = oauth2Node.rejectUnauthorized || false;
       this.client_credentials_in_body = oauth2Node.client_credentials_in_body || false;
       this.headers = oauth2Node.headers || {};
@@ -111,7 +112,8 @@ module.exports = function (RED) {
             form: {
               grant_type: msg.oauth2Request.credentials.grant_type,
               scope: msg.oauth2Request.credentials.scope,
-              resource: msg.oauth2Request.credentials.resource
+              resource: msg.oauth2Request.credentials.resource,
+              state: msg.oauth2Request.credentials.state
             }
           };
           if (msg.oauth2Request.credentials.grant_type === 'password') {
@@ -134,14 +136,21 @@ module.exports = function (RED) {
             form: {
               grant_type: node.grant_type,
               scope: node.scope,
-              resource: node.resource
+              resource: node.resource,
+              state: node.state
             }
           };
           if (node.grant_type === 'password') {
             options.form.username = node.username;
             options.form.password = node.password;
           }
           if (node.grant_type === 'authorization_code') {
+            // Some services accept these via Authorization while other require it in the POST body
+            if (node.client_credentials_in_body) {
+              options.form.client_id = node.client_id;
+              options.form.client_secret = node.client_secret;
+            }
+
             const credentials = RED.nodes.getCredentials(node.id);
             if (credentials) {
               options.form.code = credentials.code;
@@ -150,12 +159,6 @@ module.exports = function (RED) {
           }
         }
 
-        // Some services accept these via Authorization while other require it in the POST body
-        if (node.client_credentials_in_body) {
-          options.form.client_id = node.client_id;
-          options.form.client_secret = node.client_secret;
-        }
-
         // add any custom headers, if we haven't already set them above
         if (oauth2Node.headers) {
           for (let h in oauth2Node.headers) {