From 6859b8a9493c33592e9ef42990bae308bb551309 Mon Sep 17 00:00:00 2001
From: "yadong.zhang"
Date: Sun, 4 Aug 2024 23:28:55 +0800
Subject: [PATCH] =?UTF-8?q?:fire:=20Amazon=20PKCE=20=E4=B8=AD=E7=9A=84=20c?= =?UTF-8?q?ode=5Fverifier=20=E5=9F=BA=E4=BA=8E=20state=20=E7=BC=93?= =?UTF-8?q?=E5=AD=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java b/src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java
index b4c70bcf..85e1a58b 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java
@@ -50,15 +50,16 @@ public AuthAmazonRequest(AuthConfig config, AuthStateCache authStateCache) {
 */
 @Override
 public String authorize(String state) {
+ String realState = getRealState(state);
 UrlBuilder builder = UrlBuilder.fromBaseUrl(source.authorize())
 .queryParam("client_id", config.getClientId())
 .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthAmazonScope.values())))
 .queryParam("redirect_uri", config.getRedirectUri())
 .queryParam("response_type", "code")
- .queryParam("state", getRealState(state));
+ .queryParam("state", realState);
 if (config.isPkce()) {
- String cacheKey = this.source.getName().concat(":code_verifier:").concat(config.getClientId());
+ String cacheKey = this.source.getName().concat(":code_verifier:").concat(realState);
 String codeVerifier = PkceUtil.generateCodeVerifier();
 String codeChallengeMethod = "S256";
 String codeChallenge = PkceUtil.generateCodeChallenge(codeChallengeMethod, codeVerifier);
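Review bot: Nothing in `authorize` records why `realState` is hoisted above the builder, and a later refactor could easily inline it again. The `state` query parameter and the `code_verifier` cache key must be the same string, so `getRealState(state)` has to be evaluated exactly once. I would add a comment above the new first line: `// Resolve state once: the same value is sent in the redirect and keys the PKCE code_verifier, binding the verifier to this flow instead of to client_id.` The cache write that uses `cacheKey` lies below the end of this hunk, so whether the verifier is stored with an expiry cannot be checked from here.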
@@ -86,7 +87,7 @@ public AuthToken getAccessToken(AuthCallback authCallback) {
 form.put("client_secret", config.getClientSecret());
 if (config.isPkce()) {
- String cacheKey = this.source.getName().concat(":code_verifier:").concat(config.getClientId());
+ String cacheKey = this.source.getName().concat(":code_verifier:").concat(authCallback.getState());
 String codeVerifier = this.authStateCache.get(cacheKey);
 form.put("code_verifier", codeVerifier);
 }
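Review bot: `authCallback.getState()` comes from the callback request and is concatenated into the cache key with no null or empty check, and the `codeVerifier` read back from `authStateCache` goes into the form unchecked. `String.concat` throws a NullPointerException on a null argument, so a callback without `state` fails here with an opaque error unless state is validated earlier (not visible in this hunk). An unknown or expired state yields a null `code_verifier` in the token request. I would read the state into a local, reject it when null or empty, and then fail closed on a cache miss with `if (codeVerifier == null) { throw new AuthException("PKCE code_verifier not found for state"); }`; if the cache offers eviction, removing the entry after this read would keep the verifier single-use. The body of `getAccessToken` starts above and continues below this hunk.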