feat: add nonce external definition and remove redundant code random generator calls

Author: DanielRivers

lib/types.ts

@@ -17,7 +17,7 @@ export type LoginMethodParams = Pick<
   | "orgName"
   | "connectionId"
   | "redirectURL"
-  | "hasSuccessPage"
+  | "hasSuccessPage"  
 >;
 
 export type LoginOptions = {
@@ -105,6 +105,10 @@ export type LoginOptions = {
    * Whether to show the success screen at the end of the flow, this is most useful when the callback is not a webpage.
    */
   hasSuccessPage?: boolean;
+  /**
+   * Single use code to prevent replay attacks
+   */
+  nonce?: string;
 };
 
 export enum IssuerRouteTypes {

lib/utils/generateAuthUrl.ts

@@ -22,11 +22,15 @@ export const generateAuthUrl = (
     ...mapLoginMethodParamsForUrl(options),
   };
 
-  const generatedState = generateRandomString(32);
-  const generatedNonce = generateRandomString(16);
+  if (!options.state) {
+    options.state = generateRandomString(32);
+  }
+  searchParams["state"] = options.state;
 
-  searchParams["state"] = options.state || generatedState;
-  searchParams["nonce"] = generatedNonce;
+  if (!options.nonce) {
+    options.nonce = generateRandomString(16);
+  }
+  searchParams["nonce"] = options.nonce;
 
   if (options.codeChallenge) {
     searchParams["code_challenge"] = options.codeChallenge;