From 3faed0e9667c52c8a5353e40f3f8c5b0606b02b9 Mon Sep 17 00:00:00 2001
From: Alec Murphy <alec@checksum.fail>
Date: Wed, 12 Mar 2025 07:47:09 -0400
Subject: [PATCH] Slon/Modules/OAuth: Return client state for
 /oauth/verify_access

Most clients don't care about this, but the (deprecated) Tooot iOS app
does, so now we support it.
---
 Slon/Modules/OAuth.HC | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Slon/Modules/OAuth.HC b/Slon/Modules/OAuth.HC
index ba1b1d8..e8322ac 100644
--- a/Slon/Modules/OAuth.HC
+++ b/Slon/Modules/OAuth.HC
@@ -130,6 +130,9 @@ U0 @slon_oauth_verify_access_get(SlonHttpSession* session)
                 @slon_db_save_oauth_to_disk;
 
                 StrPrint(scratch_buffer, "%s?code=%s", redirect_uri, authorization_code);
+                if (request_json->@("client_state")) {
+                    String.Append(scratch_buffer, "&state=%s", request_json->@("client_state"));
+                }
                 JsonObject* redirect_uri_object = Json.CreateObject(slon_mem_task);
                 redirect_uri_object->set("redirect_uri", scratch_buffer, JSON_STRING);
                 session->send(redirect_uri_object);