From c9db8594926b4f6d633b0b1a7a14fca81a6f8b87 Mon Sep 17 00:00:00 2001
From: Mike Nitchie <mikenitchie@gmail.com>
Date: Wed, 16 Dec 2020 21:47:00 -0500
Subject: [PATCH 1/2] Use a 24 character state parameter

---
 fhirclient/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fhirclient/auth.py b/fhirclient/auth.py
index fb3e3b9d7..8c5d4687d 100644
--- a/fhirclient/auth.py
+++ b/fhirclient/auth.py
@@ -200,7 +200,7 @@ def _authorize_params(self, server):
         if server is None:
             raise Exception("Cannot create an authorize-uri without server instance")
         if self.auth_state is None:
-            self.auth_state = str(uuid.uuid4())[:8]
+            self.auth_state = uuid.uuid4().hex[:24]
             server.should_save_state()
         
         params = {

From edbfb79a1962e32e709651b2d62dd1203a8bfa87 Mon Sep 17 00:00:00 2001
From: Mike Nitchie <mikenitchie@gmail.com>
Date: Wed, 16 Dec 2020 22:04:39 -0500
Subject: [PATCH 2/2] Use the entire uuid

---
 fhirclient/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fhirclient/auth.py b/fhirclient/auth.py
index 8c5d4687d..af77c27c3 100644
--- a/fhirclient/auth.py
+++ b/fhirclient/auth.py
@@ -200,7 +200,7 @@ def _authorize_params(self, server):
         if server is None:
             raise Exception("Cannot create an authorize-uri without server instance")
         if self.auth_state is None:
-            self.auth_state = uuid.uuid4().hex[:24]
+            self.auth_state = str(uuid.uuid4())
             server.should_save_state()
         
         params = {