Skip to content

Commit b4779d0

Browse files
author
Koman Rudden
committed
fix: use user: prefix for OAuth state storage keys
1 parent ae150d8 commit b4779d0

1 file changed

Lines changed: 8 additions & 8 deletions

File tree

kinde_sdk/auth/oauth.py

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -332,12 +332,12 @@ async def generate_auth_url(
332332
# Generate state if not provided
333333
state = login_options.get(LoginOptions.STATE, generate_random_string(32))
334334
search_params["state"] = state
335-
self._session_manager.storage_manager.setItems("state", {"value": state})
335+
self._session_manager.storage_manager.setItems("user:state", {"value": state})
336336

337337
# Generate nonce if not provided
338338
nonce = login_options.get(LoginOptions.NONCE, generate_random_string(16))
339339
search_params["nonce"] = nonce
340-
self._session_manager.storage_manager.setItems("nonce", {"value": nonce})
340+
self._session_manager.storage_manager.setItems("user:nonce", {"value": nonce})
341341

342342
# Handle PKCE
343343
code_verifier = ""
@@ -348,7 +348,7 @@ async def generate_auth_url(
348348
pkce_data = await generate_pkce_pair(52) # Use 52 chars to match JS implementation
349349
code_verifier = pkce_data["code_verifier"]
350350
search_params["code_challenge"] = pkce_data["code_challenge"]
351-
self._session_manager.storage_manager.setItems("code_verifier", {"value": code_verifier})
351+
self._session_manager.storage_manager.setItems("user:code_verifier", {"value": code_verifier})
352352

353353
# Set code challenge method
354354
code_challenge_method = login_options.get(LoginOptions.CODE_CHALLENGE_METHOD, "S256")
@@ -517,20 +517,20 @@ async def handle_redirect(self, code: str, user_id: str, state: Optional[str] =
517517
"""
518518
# Verify state if provided
519519
if state:
520-
stored_state = self._session_manager.storage_manager.get("state")
520+
stored_state = self._session_manager.storage_manager.get("user:state")
521521
self._logger.warning(f"stored_state: {stored_state}, state: {state}")
522522
if not stored_state or state != stored_state.get("value"):
523523
self._logger.error(f"State mismatch: received {state}, stored {stored_state}")
524524
raise KindeLoginException("Invalid state parameter")
525525

526526
# Get code verifier for PKCE
527527
code_verifier = None
528-
stored_code_verifier = self._session_manager.storage_manager.get("code_verifier")
528+
stored_code_verifier = self._session_manager.storage_manager.get("user:code_verifier")
529529
if stored_code_verifier:
530530
code_verifier = stored_code_verifier.get("value")
531531

532532
# Clean up the used code verifier
533-
self._session_manager.storage_manager.delete("code_verifier")
533+
self._session_manager.storage_manager.delete("user:code_verifier")
534534

535535
# Exchange code for tokens
536536
try:
@@ -567,10 +567,10 @@ async def handle_redirect(self, code: str, user_id: str, state: Optional[str] =
567567

568568
# Clean up state
569569
if state:
570-
self._session_manager.storage_manager.delete("state")
570+
self._session_manager.storage_manager.delete("user:state")
571571

572572
# Clean up nonce
573-
self._session_manager.storage_manager.delete("nonce")
573+
self._session_manager.storage_manager.delete("user:nonce")
574574

575575
return {
576576
"tokens": token_data,

0 commit comments

Comments
 (0)