From cac2c9728de927f81e6df5e9babccdfed581d0a6 Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Thu, 21 Jun 2018 11:31:21 +0100
Subject: [PATCH] Validate OIDC Session State

---
 providers/oidc.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/providers/oidc.go b/providers/oidc.go
index 36b87f6..66c0816 100644
--- a/providers/oidc.go
+++ b/providers/oidc.go
@@ -128,3 +128,14 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok
 Email: claims.Email,
 }, nil
 }
+
+// ValidateSessionState checks that the session's IDToken is still valid
+func (p *OIDCProvider) ValidateSessionState(s *SessionState) bool {
+ ctx := context.Background()
+ _, err := p.Verifier.Verify(ctx, s.IDToken)
+ if err != nil {
+ return false
+ }
+
+ return true
+}
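Review bot: The error from `p.Verifier.Verify` is discarded in ValidateSessionState, so an expired token, a bad signature and (if the verifier fetches signing keys remotely, which this hunk does not show) a failed key fetch are indistinguishable to operators. Log the reason with the package's existing logger before `return false`, for example `log.Printf("oidc: id_token verification failed: %v", err)`, and keep the token itself out of the log line. The call runs under `context.Background()`, so nothing bounds a slow provider; a bounded context such as `ctx, cancel := context.WithTimeout(context.Background(), verifyTimeout)` followed by `defer cancel()` would, where `verifyTimeout` is a placeholder for a value the project chooses. A nil `s` is dereferenced at `s.IDToken`, so `if s == nil { return false }` is worth adding if any caller can pass one. The doc comment should also say that "still valid" means whatever the verifier checks locally, not revocation at the provider.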