fix: openid flow

server/resolvers/login.go

@@ -142,6 +142,28 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 	}
 
 	nonce := uuid.New().String()
+	fmt.Println("=> state", refs.StringValue(params.State))
+	code := ""
+	codeChallenge := ""
+	if params.State != nil {
+		// Get state from store
+		authorizeState, _ := memorystore.Provider.GetState(refs.StringValue(params.State))
+		if authorizeState != "" {
+			authorizeStateSplit := strings.Split(authorizeState, "@@")
+			if len(authorizeStateSplit) > 1 {
+				code = authorizeStateSplit[0]
+				codeChallenge = authorizeStateSplit[1]
+
+				fmt.Println("=> code info", authorizeStateSplit)
+				nonce = nonce + "@@" + code
+			} else {
+				nonce = authorizeState
+			}
+			go memorystore.Provider.RemoveState(refs.StringValue(params.State))
+		}
+
+	}
+
 	authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth, nonce)
 	if err != nil {
 		log.Debug("Failed to create auth token", err)
@@ -165,6 +187,15 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 	sessionStoreKey := constants.AuthRecipeMethodBasicAuth + ":" + user.ID
 	memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
 	memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
+	// Code challenge could be optional if PKCE flow is not used
+
+	if code != "" {
+		fmt.Println("=> setting the state here....")
+		if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+			log.Debug("SetState failed: ", err)
+			return res, err
+		}
+	}
 
 	if authToken.RefreshToken != nil {
 		res.RefreshToken = &authToken.RefreshToken.Token

server/resolvers/signup.go

@@ -34,6 +34,16 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 		return res, err
 	}
 
+	code := ""
+	if params.State != nil {
+		// Get state from store
+		code, err = memorystore.Provider.GetState(*params.State)
+		if err != nil {
+			log.Debug("Invalid Error State:", err)
+			return res, fmt.Errorf("invalid_state: %s", err.Error())
+		}
+	}
+
 	isSignupDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
 	if err != nil {
 		log.Debug("Error getting signup disabled: ", err)
@@ -244,6 +254,10 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 		}
 
 		nonce := uuid.New().String()
+		if code != "" {
+			nonce = nonce + "@@" + code
+		}
+
 		authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth, nonce)
 		if err != nil {
 			log.Debug("Failed to create auth token: ", err)

server/resolvers/update_user.go

@@ -125,7 +125,6 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 			return res, fmt.Errorf("user with this email address already exists")
 		}
 
-		// TODO figure out how to do this
 		go memorystore.Provider.DeleteAllUserSessions(user.ID)
 
 		hostname := parsers.GetHost(gc)