Add support for custom callback parameters. #155
Conversation
erickoledadevrel force-pushed the params branch from afb3d61 to f9e29ef Compare 
test/test.js Outdated
| foo: 'bar' | ||
| }); | ||
| | ||
| // Extract the state token from the URL. |
There was a problem hiding this comment.
It would be helpful if you gave an example IN and OUT.
IN: http://www.foo.hk/bar?baz=bat
OUT: ?
| ```js | ||
| var authorizationUrl = getService().getAuthorizationUrl({ | ||
| lang: 'fr' |
There was a problem hiding this comment.
It's not obvious that lang: 'fr' is an example, or what this sample does.
Can you say something like:
for example, we're passing a simple object
{ lang: 'fr' }to our OAuth2statetoken.
| to the PropertiesService is expensive and not neccessary in the case where the | ||
| user doesn't start or fails to complete the OAuth flow. | ||
| As an alternative you can store small amounts of data in the OAuth2 `state` |
There was a problem hiding this comment.
Instead of calling this state, could we just call it parameter in the docs and say it is persisted?
There was a problem hiding this comment.
The state parameter is a formal part of the OAuth2 spec:
state
RECOMMENDED. An opaque value used by the client to maintain
state between the request and callback. The authorization
server includes this value when redirecting the user-agent back
to the client. The parameter SHOULD be used for preventing
cross-site request forgery as described in Section 10.12.
https://tools.ietf.org/html/rfc6749#section-4.1.1
I'd prefer to stick with the formal name, since different OAuth2 providers may handle it differently.
README.md Outdated
| ``` | ||
| These values will be stored along-side Apps Script's internal information in the | ||
| cryptographically secure `state` token, which is passed in the authorization URL |
There was a problem hiding this comment.
cryptographically secure
I think we say encrypted in the docs. I'd rather not say "cryptographically secure" unless we link the docs to the cipher we're using for this token.
WDYT?
README.md Outdated
| These values will be stored along-side Apps Script's internal information in the | ||
| cryptographically secure `state` token, which is passed in the authorization URL | ||
| and passed back to the redirect URI. The `state` token is automatically | ||
| decrypted in the callback function, and you can access your parameters using the |
There was a problem hiding this comment.
Rather than using "and", you could just separate these conjoined sentence into two sentences.
function. You can...
There was a problem hiding this comment.
Keeping the and, but removing the comma.
erickoledadevrel force-pushed the params branch from 2afb28c to 90de84c Compare 
Fixes #131