From a4653617259e761ffa05a6c5d0af04a9d6700716 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Oct 10 2016 15:08:04 +0000
Subject: Only return an OpenID Connect state when we were asked to provide one


Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Pierre-Yves Chibon <pingou@pingoured.fr>

---

diff --git a/ipsilon/providers/openidc/auth.py b/ipsilon/providers/openidc/auth.py
index ebef4e9..b749b60 100644
--- a/ipsilon/providers/openidc/auth.py
+++ b/ipsilon/providers/openidc/auth.py
@@ -86,7 +86,7 @@ class AuthenticateRequest(ProviderPageBase):
             self.debug('Using default query response mode')
 
         # If the client sent a state, we need to pass that back
-        if 'state' in request:
+        if 'state' in request and request['state']:
             contents['state'] = request['state']
 
         # Build a response-string, which is sent with either query, form