OAuth state parameter


The OAuth state parameter is an OAuth 2.0 parameter used to prevent Cross-site request forgery. Best Practices would be to use a CSRF Token.

Some folks recommend this be a Digital Signature and be stored within the browser cookie.

Encoding claims in the OAuth 2 state parameter using a JWT points out some recommendations on the use of the OAuth state parameter.

The OAuth state parameter is a form of Nonce.

