diff --git a/README.md b/README.md index 2292ab4..b82f6ec 100644 --- a/README.md +++ b/README.md @@ -181,6 +181,12 @@ Finally, you may choose to overwrite some configuration defaults. > In lieu of a user session, a helper instance _could_ store the authorization state in a local variable and share it between users of the instance. Currently, this is not supported, because the primary audience for the library is thought to be a typical web application with unique user accounts. +* `authorizationId` + + The helper instance saves the authorization state under a key in the session object. By default, if no input is provided, the key is generated randomly based on the current timestamp. If `authorizationId` is defined, it's value is used to generate the key. Doing so allows different helper instances to share an authorization. + + > In order to scale an application horizontally, while using a shared session store, the key, under which the authorization state is stored, can be controlled, so that an authorization is available throughout instances of the application running in parallel. If `authorizationId` is not set, a random key is generated for each helper instance. + * `customize` You can customize the default behavior of the Issuer and Client classes and their respective instances as described in [Customizing](https://github.com/panva/node-openid-client/tree/master/docs#customizing) section of the openid-client documentation. For example: diff --git a/docs/README.md b/docs/README.md index 17f4fb9..8386908 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -50,6 +50,7 @@ Represents an `openid-client-helper` instance. | [param0.resources] | object | { 'https://': { scope: '*' } } | A set of resources associated with resource specific scope(s). Each resource key is, generally, to comply with the proposed [Resource Parameter](https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-08#section-2) definition, as it may be used as the resource indicator in systems that adopt the draft. The resource keys will be compared against the URI in requests to a protected API resource, and the key matching the left part of the URI the most will be used to retrieve corresponding access token. | | [param0.useMasterAccessToken] | boolean | false | Indicates whether or not the "master" access token, the one associated with scopes approved by the resource owner, is to be used if a resource specific access token cannot be obtained. Setting this to `true` is not normally recommended, for it leads to use of an access token that is not audience restricted. | | [param0.sessionKey] | string | "session" | The key identifying the session object attached to requests. | +| [param0.authorizationId] | string | | Identifier for the authorization state saved in the session object, so that an authorization could be shared between the helper instances and used for horizontal scaling. | | [param0.useResourceIndicators] | boolean | false | Indicates whether [Resource Indicators for OAuth 2.0](https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-08) are supported by the authorization server. | | [param0.customize] | function | | A function to modify openid-client defaults using its [Customizing](https://github.com/panva/node-openid-client/tree/master/docs#customizing) means. The function will be sent the `custom` options object and the `Issuer` constructor. When an `issuer` or `client` instance is created, it will be provided as a parameter along with the `custom` object. 
This means that the `customize` function should check for presence of the `Issuer`, `issuer`, or/and `client` parameters, if those were to be modified. | diff --git a/lib/index.js b/lib/index.js index b01378c..45b0daf 100644 --- a/lib/index.js +++ b/lib/index.js @@ -54,6 +54,7 @@ const { * Setting this to `true` is not normally recommended, * for it leads to use of an access token that is not audience restricted. * @param {string} [param0.sessionKey=session] The key identifying the session object attached to requests. + * @param {string} [param0.authorizationId] Identifier for the authorization state saved in the session object, so that an authorization could be shared between the helper instances and used for horizontal scaling. * @param {boolean} [param0.useResourceIndicators=false] Indicates whether [Resource Indicators for OAuth 2.0]{@link https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-08} * are supported by the authorization server. * @param {function} [param0.customize] A function to modify openid-client defaults using its [Customizing]{@link https://github.com/panva/node-openid-client/tree/master/docs#customizing} means. @@ -75,6 +76,7 @@ module.exports = function ({ }, useMasterAccessToken = false, sessionKey = 'session', + authorizationId, useResourceIndicators = false, customize }) { @@ -105,7 +107,7 @@ module.exports = function ({ const hashes = crypto.getHashes() /** - * Unique identifier for this authorization in session. + * Identifier for this authorization in session. Base on custom data or generate randomly. */ const authorizationKey = crypto.createHash( hashes @@ -114,7 +116,7 @@ module.exports = function ({ return hash.match(/^sha1$|^sha256$/) }) || hashes[hashes.length - 1] ) - .update((new Date()).valueOf().toString()) + .update(authorizationId || (new Date()).valueOf().toString()) .digest('base64') const helper = {
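Review bot: In the README.md hunk, "it's value is used" should read "its value is used", and the sentence "the key is generated randomly based on the current timestamp" is inaccurate for what the code does: the default key is a digest of the millisecond timestamp, which is neither random nor guaranteed unique (two helper instances constructed in the same millisecond get the same key). Suggest "the key is derived from the current timestamp" unless the fallback is changed to a genuinely random value.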
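Review bot: In the docs/README.md table hunk, the new `[param0.authorizationId]` row leaves the default column empty and says only that an authorization "could be shared"; state what happens when it is omitted (a per-instance key is derived from the construction timestamp, as the README blockquote says) and that any non-empty string is accepted because the value is hashed before use, so readers of the API table get the same information as readers of the README.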
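Review bot: In the destructuring hunk of lib/index.js, `authorizationId` is accepted with no validation even though the JSDoc declares it a string: a number or object passed here reaches `hash.update()` later and throws a TypeError at construction time, while an empty string silently falls through to the timestamp fallback. Suggest rejecting anything that is not a non-empty string with a descriptive error, e.g. `if (authorizationId !== undefined && (typeof authorizationId !== 'string' || !authorizationId.length)) throw new TypeError('authorizationId must be a non-empty string')`.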
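Review bot: In the final hunk of lib/index.js, `.update(authorizationId || (new Date()).valueOf().toString())` has two issues for the horizontal-scaling use case it is meant to serve. First, the digest algorithm is chosen from `crypto.getHashes()` (matching `sha1` or `sha256`, else the last entry), so the derived key is only identical across instances if every instance's runtime exposes the same hash list in the same order; since the key must match on every node that shares the session store, pin the algorithm (`crypto.createHash('sha256')`) instead of selecting it at runtime. Second, when `authorizationId` is absent the key is a hash of a millisecond timestamp, which is predictable and collides for instances created in the same millisecond; `crypto.randomBytes(16).toString('hex')` gives the per-instance uniqueness the documentation promises. Note also that hashing the id adds no secrecy, since the key only selects an entry within the user's session object; the comment should not imply otherwise.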