flask-oidc
Purpose of encoding then decoding request state
I'm still trying to understand the purpose of the custom json loads function and why we are encoding then decoding the request in _process_callback. I'm currently testing the callback endpoint using pytest and I keep getting an "incorrect padding" error whenever we attempt to fetch the state as shown here:
session_csrf_token = session.get('oidc_csrf_token')
state = _json_loads(urlsafe_b64decode(request.args['state'].encode('utf-8')))
csrf_token = state['csrf_token']
Could we not use an alternative for handling requests such as:
# after importing the ast library
csrf_token = ast.literal_eval(request.args.get("state"))["csrf_token"]
This seems to work with requests that come from a flask client while testing with pytest.
data = {"state": {"csrf_token": csrf_token}, "code": "falafel"}
result = client.get("/oidc_callback", query_string = data)
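
An added example, not part of the original post and not flask-oidc's own code: the `state` round trip implied by the decode above, and what the same decode does with a nested dict passed as `query_string`. It assumes `state` is produced as the inverse of that decode (JSON, UTF-8, URL-safe base64) and that the test client sends the dict as its string form; `encode_state`, `decode_state`, `csrf_matches` and `stringified_dict_error` are hypothetical helper names.

```python
import base64
import binascii
import hmac
import json


def encode_state(state: dict) -> str:
    """Assumed inverse of the callback's decode: JSON -> UTF-8 -> URL-safe base64."""
    raw = json.dumps(state).encode("utf-8")
    return base64.urlsafe_b64encode(raw).decode("ascii")


def decode_state(value: str) -> dict:
    """Same steps as the callback snippet; raises ValueError on malformed input."""
    raw = base64.urlsafe_b64decode(value.encode("utf-8"))
    state = json.loads(raw.decode("utf-8"))
    if not isinstance(state, dict):
        raise ValueError("state must decode to a JSON object")
    return state


def csrf_matches(state_param: str, session_token: str) -> bool:
    """Treat `state` as untrusted: reject malformed values, compare in constant time."""
    try:
        token = decode_state(state_param).get("csrf_token")
    except ValueError:  # covers binascii.Error, UnicodeDecodeError, JSONDecodeError
        return False
    if not isinstance(token, str):
        return False
    return hmac.compare_digest(token.encode("utf-8"), session_token.encode("utf-8"))


def stringified_dict_error(token: str) -> str:
    """Error text the decode produces when `state` arrives as a dict's string form."""
    sent = str({"csrf_token": token})  # constructed: what the server would receive
    try:
        decode_state(sent)
    except binascii.Error as exc:
        return str(exc)
    return "no error"


if __name__ == "__main__":
    good = encode_state({"csrf_token": "constructed-token"})
    print(good, csrf_matches(good, "constructed-token"))
    print(stringified_dict_error("abcd"))
```

In a test, passing `encode_state({"csrf_token": csrf_token})` as the `state` value exercises the callback's decode path unchanged.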