fix: authts#466 clear stale states when creating new one

kyxyes · Apr 28, 2022 · 1b39579 · 1b39579
1 parent 7a6a20c
commit 1b39579
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/OidcClient.ts b/src/OidcClient.ts
@@ -90,7 +90,7 @@ export class OidcClient {
         id_token_hint,
         login_hint,
         skipUserInfo,
-        nonce, 
+        nonce,
         response_type = this.settings.response_type,
         scope = this.settings.scope,
         redirect_uri = this.settings.redirect_uri,
@@ -128,6 +128,9 @@ export class OidcClient {
             nonce,
         });
 
+        // house cleaning
+        await this.clearStaleState();
+
         const signinState = signinRequest.state;
         await this.settings.stateStore.set(signinState.id, signinState.toStorageString());
         return signinRequest;
@@ -206,6 +209,9 @@ export class OidcClient {
             request_type,
         });
 
+        // house cleaning
+        await this.clearStaleState();
+
         const signoutState = request.state;
         if (signoutState) {
             logger.debug("Signout request has state to persist");