lib/omniauth/strategies/canvas.rb in omniauth-canvas-0.1.3 vs lib/omniauth/strategies/canvas.rb in omniauth-canvas-1.0.0

- old
+ new

@@ -37,11 +37,27 @@ def raw_info
 @raw_info ||= access_token.get("/api/v1/users/#{access_token['user']['id']}/profile").parsed
 end
+ # Passing any query string value to Canvas will result in:
+ # redirect_uri does not match client settings
+ # so we set the value to empty string
 def query_string
 ""
+ end
+
+ # Override authorize_params so that we can be deliberate about setting state if needed
+ def authorize_params
+ # Only set state if it hasn't already been set
+ options.authorize_params[:state] ||= SecureRandom.hex(24)
+ params = options.authorize_params.merge(options_for("authorize"))
+ if OmniAuth.config.test_mode
+ @env ||= {}
+ @env["rack.session"] ||= {}
+ end
+ session["omniauth.state"] = params[:state]
+ params
 end
 end
 end
 end
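Review bot: `options.authorize_params[:state] ||= SecureRandom.hex(24)` in the new `authorize_params` writes the generated value back into the strategy's options instead of keeping it local to the request. If that options object is shared between requests (OmniAuth handles each call on a `dup` of the strategy, which is a shallow copy), the first random value would be reused for every later login in the process, and the OAuth2 `state` would no longer be a per-session CSRF token. Keeping the value local avoids this: `state = options.authorize_params[:state] || SecureRandom.hex(24)` followed by `params = options.authorize_params.merge(options_for("authorize")).merge(state: state)`. Since the override comment invites callers to preset `state`, it should also say that a caller-supplied value must itself be unpredictable and unique per request.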