From 5ab17d9a40759a138702fec95aa1174e118a8ef7 Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Thu, 21 Jun 2018 11:31:21 +0100
Subject: [PATCH] Validate OIDC Session State
---
 providers/oidc.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/providers/oidc.go b/providers/oidc.go
index ccd1bbd..4bc2095 100644
--- a/providers/oidc.go
+++ b/providers/oidc.go
@@ -123,3 +123,13 @@ func (p *OIDCProvider) createSessionState(token *oauth2.Token, ctx context.Conte
 Email: claims.Email,
 }, nil
 }
+
+func (p *OIDCProvider) ValidateSessionState(s *SessionState) bool {
+ ctx := context.Background()
+ _, err := p.Verifier.Verify(ctx, s.IdToken)
+ if err != nil {
+ return false
+ }
+
+ return true
+}
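Review bot: The error from `p.Verifier.Verify` in `ValidateSessionState` is discarded, so every failure cause collapses into the same silent `false` and an operator has nothing to audit when sessions are rejected. Record the cause before returning, with whatever logger the file already uses, e.g. `log.Printf("oidc: id_token verification failed: %v", err)`, logging the error and never the token itself. `context.Background()` also carries no deadline; if the verifier fetches signing keys over the network (its construction is outside this hunk), a slow identity provider would stall the check, so deriving the context with `context.WithTimeout` and a deferred `cancel()` would bound it. `s` is dereferenced without a nil guard, so `if s == nil || s.IdToken == "" { return false }` at the top would fail closed rather than panic. The exported method also lacks a doc comment saying that a session counts as valid only when its ID token passes the verifier, presumably including expiry.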