From 0dc2a6e7a1bb31e1a470527a4ac95b5e98286f61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Fri, 13 Oct 2023 15:17:03 +0300
Subject: [PATCH] fix(op): return state in token response only for implicit
 flow (#460)

* fix(op): return state in token response only for implicit flow

* oops
---
 pkg/op/token.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/op/token.go b/pkg/op/token.go
index bc45c298..63a01a6c 100644
--- a/pkg/op/token.go
+++ b/pkg/op/token.go
@@ -51,7 +51,10 @@ func CreateTokenResponse(ctx context.Context, request IDTokenRequest, client Cli
 		if err != nil {
 			return nil, err
 		}
-		state = authRequest.GetState()
+		// only implicit flow requires state to be returned.
+		if code == "" {
+			state = authRequest.GetState()
+		}
 	}
 
 	exp := uint64(validity.Seconds())