oauth-pythonclient
Preserve custom state after redirect
I need to preserve state after redirecting (e.g., using a custom parameter), but it seems the state parameter is currently only used for the CSRF token. Is there another way to preserve state?
I don't believe the state parameter is limited to a CSRF token, so you could encode a CSRF token and other state data into the state parameter.
Better, if there's any non-public data in the state that you want to preserve, would be to store it locally associated with the CSRF token and retrieve it after verifying the CSRF token. IIRC I store the CSRF token as a Redis key with the state for the value.
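The server-side approach described in the last reply, sketched as an added example that is not part of the thread or of oauth-pythonclient: the `state` value sent to the provider is only a random CSRF token, and the custom data stays on the server under that token. A dict stands in for Redis here; `StateStore`, `issue`, `redeem`, the TTL and the session ids are hypothetical names and constructed values.

```python
import secrets
import time

STATE_TTL_SECONDS = 600  # assumed lifetime of a pending authorization request


class StateStore:
    """In-memory stand-in for Redis: CSRF token -> (expiry, session id, data)."""

    def __init__(self, now=time.time):
        self._pending = {}
        self._now = now  # injectable clock so expiry can be exercised

    def issue(self, session_id, data):
        """Save `data` server-side and return the value to send as `state`."""
        token = secrets.token_urlsafe(32)  # unguessable, carries no data itself
        expires_at = self._now() + STATE_TTL_SECONDS
        self._pending[token] = (expires_at, session_id, data)
        return token

    def redeem(self, session_id, returned_state):
        """Return the saved data, or None if the state is unknown, expired,
        already used, or was issued to a different session."""
        # pop() makes the token single use, even when a later check fails
        entry = self._pending.pop(returned_state, None)
        if entry is None:
            return None
        expires_at, owner, data = entry
        if self._now() > expires_at or owner != session_id:
            return None
        return data


def demo():
    """Redeem once, replay the same state, then try an unknown state."""
    store = StateStore()
    # constructed sample data: where to send the user after login
    state = store.issue("session-A", {"return_to": "/reports/42"})
    first = store.redeem("session-A", state)
    replay = store.redeem("session-A", state)
    unknown = store.redeem("session-A", "value-never-issued")
    return first, replay, unknown


if __name__ == "__main__":
    print(demo())
```

With Redis, the same single-use behaviour needs the read and delete to be atomic, and the TTL can be set on the key instead of stored in the value.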