Ensure state is in access denied redirect. Fixes #597

thephpleague · Jun 28, 2016 · 5ee1583 · 5ee1583
1 parent 66de05a
commit 5ee1583
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
@@ -335,7 +335,12 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization
         // The user denied the client, redirect them back with an error
         throw OAuthServerException::accessDenied(
             'The user denied the request',
-            $finalRedirectUri
+            $this->makeRedirectUri(
+                $finalRedirectUri,
+                [
+                    'state' => $authorizationRequest->getState(),
+                ]
+            )
         );
     }
 }
diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php
@@ -207,7 +207,12 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization
         // The user denied the client, redirect them back with an error
         throw OAuthServerException::accessDenied(
             'The user denied the request',
-            $finalRedirectUri
+            $this->makeRedirectUri(
+                $finalRedirectUri,
+                [
+                    'state' => $authorizationRequest->getState(),
+                ]
+            )
         );
     }
 }