Implement state parameter (take two)

The previous implementation incorrectly took state from the token
claims, but it is returned as a normal query parameter to the callback,
so outside the scope of client libraries.

Author: stephank

client-tester.php

@@ -2,12 +2,12 @@
 <?php
 
 $argv = $_SERVER['argv'];
-if (count($argv) !== 2) {
+if (2 !== count($argv)) {
     error_log('Broker required');
     exit(1);
 }
 
-require_once __DIR__ . '/vendor/autoload.php';
+require_once __DIR__.'/vendor/autoload.php';
 
 $client = new \Portier\Client\Client(
     new \Portier\Client\MemoryStore(),
@@ -19,30 +19,30 @@
 while (($line = fgets($stdin, 4096)) !== false) {
     $cmd = explode("\t", trim($line));
     switch ($cmd[0]) {
-    case 'echo':
-        echo "ok\t{$cmd[1]}\n";
-        break;
-    case 'auth':
-        try {
-            $authUrl = $client->authenticate($cmd[1]);
-            echo "ok\t{$authUrl}\n";
-        } catch (Throwable $err) {
-            $msg = implode("  ", explode("\n", $err->getMessage()));
-            echo "err\t{$msg}\n";
-        }
-        break;
-    case 'verify':
-        try {
-            $email = $client->verify($cmd[1]);
-            echo "ok\t{$email}\n";
-        } catch (Throwable $err) {
-            $msg = implode("  ", explode("\n", $err->getMessage()));
-            echo "err\t{$msg}\n";
-        }
-        break;
-    default:
-        error_log("invalid command: {$cmd[0]}");
-        exit(1);
+        case 'echo':
+            echo "ok\t{$cmd[1]}\n";
+            break;
+        case 'auth':
+            try {
+                $authUrl = $client->authenticate($cmd[1], $cmd[2] ?? '');
+                echo "ok\t{$authUrl}\n";
+            } catch (Throwable $err) {
+                $msg = implode('  ', explode("\n", $err->getMessage()));
+                echo "err\t{$msg}\n";
+            }
+            break;
+        case 'verify':
+            try {
+                $email = $client->verify($cmd[1]);
+                echo "ok\t{$email}\n";
+            } catch (Throwable $err) {
+                $msg = implode('  ', explode("\n", $err->getMessage()));
+                echo "err\t{$msg}\n";
+            }
+            break;
+        default:
+            error_log("invalid command: {$cmd[0]}");
+            exit(1);
     }
 }
 if (!feof($stdin)) {

src/Client.php

@@ -97,28 +97,32 @@ public static function normalize(string $email): string
      * Start authentication of an email address.
      *
      * @param string $email email address to authenticate
+     * @param string $state arbitrary state that is returned to the redirect URL via the `state` query parmmeter
      *
      * @return string URL to redirect the browser to
      */
-    public function authenticate(string $email): string
+    public function authenticate(string $email, string $state = null): string
     {
         $authEndpoint = $this->fetchDiscovery()->authorization_endpoint ?? null;
         if (!is_string($authEndpoint)) {
             throw new \Exception('No authorization_endpoint in discovery document');
         }
 
         $nonce = $this->store->createNonce($email);
-        $query = http_build_query([
+        $query = [
             'login_hint' => $email,
             'scope' => 'openid email',
             'nonce' => $nonce,
             'response_type' => 'id_token',
             'response_mode' => 'form_post',
             'client_id' => $this->clientId,
             'redirect_uri' => $this->redirectUri,
-        ]);
+        ];
+        if (null !== $state) {
+            $query['state'] = $state;
+        }
 
-        return $authEndpoint.'?'.$query;
+        return $authEndpoint.'?'.http_build_query($query);
     }
 
     /**