Merge pull request #58 from zgianos/master

Auth: add callback URL parameter to authorize.

lib/auth.js

@@ -27,24 +27,28 @@
 
         this.options = {};
 
-        this.authorize = function (res, scope, state) {
+        this.authorize = function (res, scope, state, redirectURI) {
 
             if (res && res.constructor === Array) {
+                redirectURI = state;
                 state = scope;
                 scope = res;
                 res = null;
             }
 
             state = encodeURIComponent(state || newState());
-            states[state] = true;
+            redirectURI = redirectURI || args.callback;
+            states[state] = {
+                redirectURI: redirectURI,
+            };
 
             var url = util.format("https://www.linkedin.com/uas/oauth2/authorization?response_type=code" +
                 "&client_id=%s" +
                 "&state=%s" +
                 "&redirect_uri=%s",
                 args.appId,
                 state,
-                encodeURIComponent(args.callback)
+                encodeURIComponent(redirectURI)
             );
 
             if (scope && scope.length > 0) {
@@ -63,7 +67,9 @@
                 res = null;
             }
 
-            if (!states[stateOut]) {
+            var state = states[stateOut];
+
+            if (!state) {
                 var err = new Error('Possible CSRF attack, state parameters do not match.');
                 err.name = 'CSRF Alert';
                 return cb(err, null);
@@ -75,7 +81,7 @@
                 form = {
                     "grant_type": "authorization_code",
                     "code": code,
-                    "redirect_uri": args.callback,
+                    "redirect_uri": state.redirectURI,
                     "client_id": args.appId,
                     "client_secret": args.appSecret
                 };