In OAuth, what is the state query parameter known as Local State?


About

The state query parameter is an opaque value used by the client (app) in a redirection flow.

Usage

Request

It's used in the request that initiates a redirection flow.

Example for an authorization code:

GET /authorize?state=xyz&response_type=code&client_id=s6BhdRkqt3&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback HTTP/1.1
Host: server.example.com

Callback

It comes back in the URL of the redirection response.

Example for an authorization code:

HTTP/1.1 302 Found
Location: https://client.example.com/callback?state=xyz&code=SplxlOBeZQQYbYS6WxSbIA

Value

The state parameter value can

A state may be any string.

state=BVBGzPxmRgi6MNgj9Hmq




