Use only web safe characters in client state arg

Fixes #268
author: Andrew Arnott <andrewarnott@gmail.com> 2013-04-11 23:39:12 -0700
committer: Andrew Arnott <andrewarnott@gmail.com> 2013-04-11 23:39:12 -0700
commit: 773d00c4252ed119a46d37bf3dd5425a4610ef78 (patch)
tree: f61de5fdeed652a647bebb02e0aee020dc5bd376 /src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
parent: 5f99dec3f56da3e2b2e276c48d8836b5678bcb18 (diff)
download: DotNetOpenAuth-773d00c4252ed119a46d37bf3dd5425a4610ef78.zip
DotNetOpenAuth-773d00c4252ed119a46d37bf3dd5425a4610ef78.tar.gz
DotNetOpenAuth-773d00c4252ed119a46d37bf3dd5425a4610ef78.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
index 879e4e3..277bed4 100644
--- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
+++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
@@ -113,7 +113,7 @@ namespace DotNetOpenAuth.OAuth2 {
 			if (this.AuthorizationTracker == null) {
 				var context = this.Channel.GetHttpContext();
 
-				string xsrfKey = MessagingUtilities.GetNonCryptoRandomDataAsBase64(16);
+				string xsrfKey = MessagingUtilities.GetNonCryptoRandomDataAsBase64(16, useWeb64: true);
 				cookie = new HttpCookie(XsrfCookieName, xsrfKey) {
 					HttpOnly = true,
 					Secure = FormsAuthentication.RequireSSL,
author	Andrew Arnott <andrewarnott@gmail.com>	2013-04-11 23:39:12 -0700
committer	Andrew Arnott <andrewarnott@gmail.com>	2013-04-11 23:39:12 -0700
commit	773d00c4252ed119a46d37bf3dd5425a4610ef78 (patch)
tree	f61de5fdeed652a647bebb02e0aee020dc5bd376 /src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
parent	5f99dec3f56da3e2b2e276c48d8836b5678bcb18 (diff)
download	DotNetOpenAuth-773d00c4252ed119a46d37bf3dd5425a4610ef78.zip DotNetOpenAuth-773d00c4252ed119a46d37bf3dd5425a4610ef78.tar.gz DotNetOpenAuth-773d00c4252ed119a46d37bf3dd5425a4610ef78.tar.bz2