In OAuth, what is the state query parameter (also known as Local State)?



The state query parameter is an opaque value used by the client (app) in a redirection flow.



It's used in the request that initiates a redirection flow.

Example for an authorization code:

GET /authorize?state=xyz&response_type=code&client_id=s6BhdRkqt3&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback HTTP/1.1


It comes back in the URL of the redirection response.

Example for an authorization code:

HTTP/1.1 302 Found


The state parameter value can

A state may be any string.

