commit e2b43804519447c28b3ff8760905c40ff4cef06f
Author: Ben Sima <ben@bensima.com>
Date: Thu Jan 1 23:24:22 2026
Fix OAuth state parameter name (t-319)
The sed replace for state->oauthState accidentally changed the URL
parameter and JSON key from 'state' to 'oauthState'. OAuth spec
requires 'state' as the parameter name.
Task-Id: t-319
diff --git a/Omni/Agent.hs b/Omni/Agent.hs
old mode 100644
new mode 100755
diff --git a/Omni/Agent/Auth.hs b/Omni/Agent/Auth.hs
index 1367277e..f164cf5c 100644
--- a/Omni/Agent/Auth.hs
+++ b/Omni/Agent/Auth.hs
@@ -187,7 +187,7 @@ loginAnthropic = do
("scope", scopes),
("code_challenge", challenge),
("code_challenge_method", "S256"),
- ("oauthState", verifier)
+ ("state", verifier)
]
paramStr = Text.intercalate "&" <| map (\(k, v) -> k <> "=" <> v) params
authUrl = authorizeUrl <> "?" <> paramStr
@@ -217,7 +217,7 @@ exchangeCode code oauthState verifier = do
[ "grant_type" .= ("authorization_code" :: Text),
"client_id" .= clientId,
"code" .= code,
- "oauthState" .= oauthState,
+ "state" .= oauthState,
"redirect_uri" .= redirectUri,
"code_verifier" .= verifier
]