From a2400f6baff44cb2996487bcd0cc6e2acc74b3d4 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Mon, 14 Jun 2021 14:13:31 -0400
Subject: [PATCH] fix: accidental unnecessarily strict conditional that effectively rendered SSO state checking opt-in instead of opt-out
---
 src/routes/authentication.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index ca7b98d870..cbc3841872 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -104,7 +104,7 @@ Auth.reloadRoutes = async function (params) {
 prompt: strategy.prompt || undefined,
 };
- if (strategy.checkState) {
+ if (strategy.checkState !== false) {
 req.session.ssoState = req.csrfToken && req.csrfToken();
 opts.state = req.session.ssoState;
 }
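Review bot: With state checking now the default, the `req.csrfToken && req.csrfToken()` guard inside the new `if` can still fail open. When `req.csrfToken` is absent, `req.session.ssoState` and `opts.state` both end up `undefined`, so the SSO redirect goes out with no `state` value and nothing is logged. How the callback treats a missing stored state is not visible in this hunk, so I would fail closed here before the assignment, for example `if (typeof req.csrfToken !== 'function') { return res.sendStatus(500); }`, assuming `res` is the handler's response object. Since the original bug was confusion over the flag's polarity, a comment above the condition would help: `// SSO state checking is opt-out: only an explicit checkState === false on the strategy disables it.` The enclosing route handler in `Auth.reloadRoutes` begins and ends outside this hunk.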