From bfb868e01342693c8878669bdf4de317dd46ddae Mon Sep 17 00:00:00 2001
From: Eric Hacke <ehacke@gmail.com>
Date: Wed, 25 Dec 2019 14:36:53 -0500
Subject: [PATCH] Add state parameter option to authorize url

---
 lib/auth/app.js | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/lib/auth/app.js b/lib/auth/app.js
index 2d588f7f..83a29799 100644
--- a/lib/auth/app.js
+++ b/lib/auth/app.js
@@ -51,20 +51,30 @@ function App(options) {
  * @param {Object} options  Overrides to the app's defaults
  * @option {String} asanaBaseUrl
  * @option {String} redirectUri
+ * @option {String} state
  * @returns {String} The URL used to authorize a user for the app.
  */
 App.prototype.asanaAuthorizeUrl = function(options) {
   options = options || {};
+
+  var query = options.state ? {
+    'client_id': this.clientId,
+    'response_type': 'code',
+    'redirect_uri': options.redirectUri || this.redirectUri,
+    'scope': this.scope,
+    'state': options.state
+  } : {
+    'client_id': this.clientId,
+    'response_type': 'code',
+    'redirect_uri': options.redirectUri || this.redirectUri,
+    'scope': this.scope
+  };
+
   return url.resolve(
     options.asanaBaseUrl || this.asanaBaseUrl,
     url.format({
       pathname: '/-/oauth_authorize',
-      query: {
-        'client_id': this.clientId,
-        'response_type': 'code',
-        'redirect_uri': options.redirectUri || this.redirectUri,
-        'scope': this.scope
-      }
+      query: query,
     }));
 };
 
@@ -87,6 +97,7 @@ App.prototype.asanaTokenUrl = function(options) {
  * @param {Object} options  Overrides to the app's defaults
  * @option {String} asanaBaseUrl
  * @option {String} redirectUri
+ * @option {String} state
  * @return {Promise<Object>} The token, which will include the `access_token`
  *     used for API access, as well as a `refresh_token` which can be stored
  *     to get a new access token without going through the flow again.