feat:add configurable state

CHANGELOG.md

@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [unreleased]
+* Added support for custom state. #336
+
 ## [0.9.10]
 
 ## Fixed

src/OpenIDConnectClient.php

@@ -266,6 +266,11 @@ class OpenIDConnectClient
      */
     private $token_endpoint_auth_methods_supported = ['client_secret_basic'];
 
+    /**
+     * @var string state to be used instead of random string
+     */
+    private $customState;
+
     /**
      * @param $provider_url string optional
      *
@@ -792,7 +797,7 @@ private function requestAuthorization() {
         $nonce = $this->setNonce($this->generateRandString());
 
         // State essentially acts as a session key for OIDC
-        $state = $this->setState($this->generateRandString());
+        $state = $this->setState($this->getCustomState() ?: $this->generateRandString());
 
         $auth_params = array_merge($this->authParams, [
             'response_type' => $response_type,
@@ -1946,6 +1951,25 @@ protected function unsetState() {
         $this->unsetSessionKey('openid_connect_state');
     }
 
+    /**
+     * Set customState
+     *
+     * @param string $state
+     * @return void
+     */
+    public function setCustomState($state) {
+        $this->customState = $state;
+    }
+
+    /**
+     * Get customState
+     *
+     * @return string
+     */
+    public function getCustomState() {
+        return $this->customState;
+    }
+
     /**
      * Stores $codeVerifier
      *