oauth2-auth-code-pkce

Bad side effect in `isReturningFromAuthServer()`

Open jacksonthall22 opened this issue 9 months ago • 0 comments

Multiple calls to `isReturningFromAuthServer()` while the `code` and `state` params are still in the URL will cause `state.hasAuthCodeBeenExchangedForAccessToken` to be set to `false` even when it really has already been exchanged, which could cause other methods like `getAccessToken()` (which I would otherwise expect to be idempotent) to call `exchangeAuthCodeForAccessToken()` multiple times, throwing (in my case) a 400 error from the `fetch` call to the third party endpoint when it sees that I'm trying to use the same code a second time.

It took me so long to track down why so just trying to save others the headache.

Are there any maintenance plans for this library in the future?

jacksonthall22 Jan 10 '25 18:01
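
The failure described in this issue, reduced to a self-contained JavaScript model (an added example, not the library's source and not code from the issue's author). The class names, the callback URL and the fake single-use token endpoint are assumptions; only the method and flag names come from the report. `GuardedClient` shows one possible guard: reset the flag only when the URL carries a code that has not been recorded yet.

```javascript
// Simplified model of the reported behaviour, not the library's source; names and values are constructed.
class FakeTokenEndpoint {            // stand-in token endpoint: a code is single-use
  used = new Set();
  calls = 0;
  exchange(code) {
    this.calls++;
    if (this.used.has(code)) throw new Error("400: code already used");
    this.used.add(code);
    return "token-for-" + code;
  }
}
class ModelClient {
  constructor(url, endpoint) {
    const p = new URL(url).searchParams;
    this.code = p.get("state") ? p.get("code") : null;
    this.endpoint = endpoint;
    this.state = { hasAuthCodeBeenExchangedForAccessToken: false };
  }
  // Reported behaviour: a query-style method that resets the flag on every call.
  isReturningFromAuthServer() {
    if (!this.code) return false;
    this.state.authorizationCode = this.code;
    this.state.hasAuthCodeBeenExchangedForAccessToken = false;
    return true;
  }
  getAccessToken() {
    if (this.state.authorizationCode && !this.state.hasAuthCodeBeenExchangedForAccessToken) {
      this.state.accessToken = this.endpoint.exchange(this.state.authorizationCode);
      this.state.hasAuthCodeBeenExchangedForAccessToken = true;
    }
    return this.state.accessToken;
  }
}
class GuardedClient extends ModelClient {
  // Guard: a code that is already recorded leaves the exchanged flag untouched.
  isReturningFromAuthServer() {
    if (this.code && this.state.authorizationCode === this.code) return true;
    return super.isReturningFromAuthServer();
  }
}
// Sequence from the report: check, get token, check again, get token again.
function runSequence(Client) {
  const endpoint = new FakeTokenEndpoint();
  const c = new Client("https://app.example/cb?code=abc123&state=xyz", endpoint);
  let error = null;
  try {
    for (let i = 0; i < 2; i++) { c.isReturningFromAuthServer(); c.getAccessToken(); }
  } catch (e) { error = e.message; }
  return { calls: endpoint.calls, error };
}
```

`runSequence(ModelClient)` reaches the endpoint twice and ends with the 400 error, while `runSequence(GuardedClient)` reaches it once. RFC 6749 section 4.1.2 also says a server that sees a reused code should revoke tokens already issued from it, so a second exchange can cost more than a failed request.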