From 2d6bac5a4303517cea3e8fb4530a154e97997057 Mon Sep 17 00:00:00 2001
From: Gavin Williams <fatmcgav@gmail.com>
Date: Fri, 20 Mar 2026 09:34:52 +0000
Subject: [PATCH] fix(sso/jumpcloud): Ensure that `state` param is used

This commit updates the JumpCloud SSO provider implmentation in-order to ensure that the `state` and `pkce` params are included in the generated auth redirect.

Ref: https://app.sourcebot.dev/~/chat/cmmyp5bsc0001n37tvx8dz4bp
---
 packages/web/src/ee/features/sso/sso.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/web/src/ee/features/sso/sso.ts b/packages/web/src/ee/features/sso/sso.ts
index bbfa7015c..365428f3f 100644
--- a/packages/web/src/ee/features/sso/sso.ts
+++ b/packages/web/src/ee/features/sso/sso.ts
@@ -442,6 +442,7 @@ const createJumpCloudProvider = (clientId: string, clientSecret: string, issuer:
         clientId: clientId,
         clientSecret: clientSecret,
         issuer: issuer,
+        checks: ["pkce", "state"],
         allowDangerousEmailAccountLinking: env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING === 'true',
     } as Provider;
 }