
Preserve custom state after redirect

Open bendavis78 opened this issue 2 years ago • 1 comments

I need to preserve state after redirecting (e.g., using a custom parameter), but it seems the state parameter is currently only used for the CSRF token. Is there another way to preserve state?

bendavis78, May 16 '22 19:05

I don't believe the state parameter is limited to a CSRF token, so you could encode a CSRF token and other state data into the state parameter.

Better, if there's any non-public data in the state that you want to preserve, would be to store it locally associated with the CSRF token and retrieve it after verifying the CSRF token. IIRC I store the CSRF token as a Redis key with the state for the value.

indepndnt, May 29 '22 14:05
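
The server-side approach from the reply above, as an added example that is not part of the thread or of oauth-pythonclient: the random CSRF token is the only value sent as `state`, and the application data is looked up by it on the callback. An in-memory dict stands in for Redis; `PendingStateStore`, `issue`, `redeem`, the TTL and the binding to a session id are assumptions made for illustration.

```python
import hmac
import secrets
import time


class PendingStateStore:
    """Hypothetical store: key = CSRF token sent as `state`, value = app state.

    A dict stands in for Redis here; with Redis the TTL would be a key expiry.
    """

    def __init__(self, ttl_seconds=600, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}

    def issue(self, session_id, app_state):
        """Create the value to pass as `state` in the authorization URL."""
        token = secrets.token_urlsafe(32)  # unguessable, carries no data
        expires_at = self._clock() + self._ttl
        self._entries[token] = (session_id, expires_at, app_state)
        return token

    def redeem(self, session_id, returned_state):
        """Verify the `state` from the callback and return the saved data.

        Returns None if the token is unknown, expired, already used, or was
        issued to a different browser session.
        """
        entry = self._entries.pop(returned_state, None)  # single use
        if entry is None:
            return None
        owner, expires_at, app_state = entry
        if self._clock() >= expires_at:
            return None
        if not hmac.compare_digest(owner.encode(), session_id.encode()):
            return None
        return app_state


if __name__ == "__main__":
    store = PendingStateStore()
    # Constructed sample values: a session id and the data to keep across
    # the redirect. Only `state` leaves the server.
    state = store.issue("session-123", {"return_to": "/reports/42"})
    print("state parameter:", state)
    print("after callback:", store.redeem("session-123", state))
    print("replayed callback:", store.redeem("session-123", state))
```
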