From ed71e6b9cf493ca33df20073c34f6c56ad533c33 Mon Sep 17 00:00:00 2001
From: Jared Hanson <jaredhanson@gmail.com>
Date: Wed, 30 Jun 2021 20:37:18 -0700
Subject: [PATCH] Add clarifying comments.

---
 lib/strategy.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/strategy.js b/lib/strategy.js
index 7185999..0902ec5 100644
--- a/lib/strategy.js
+++ b/lib/strategy.js
@@ -255,9 +255,14 @@ OAuth2Strategy.prototype.authenticate = function(req, options) {
     if (state && typeof state !== 'object') {
       // NOTE: In passport-oauth2@1.5.0 and earlier, `state` could be passed as
       //       an object.  However, it would result in an empty string being
-      //       serialized as the value of the query parameter by `url.format()`.
-      //       In practice, this implies that `state` was only functional when
-      //       passed string values.
+      //       serialized as the value of the query parameter by `url.format()`,
+      //       effectively ignoring the option.  This implies that `state` was
+      //       only functional when passed as a string value.
+      //
+      //       This fact is taken advantage of here to fall into the `else`
+      //       branch below when `state` is passed as an object.  In that case
+      //       the state will be automatically managed and persisted by the
+      //       state store.
       params.state = state;
       
       var parsed = url.parse(this._oauth2._authorizeUrl, true);