Oauth loses state param on login


Hi there,

Looks like the redirect_url passed to authentication loses the state parameter if the user has to log in during the process. If the user is already logged in the state parameter remains as expected.

For example, this oauth request would redirect to the following if they were not already logged in:


The Oauth flow is currently based off Oauth1 so it does not include a state param.


Hi Seb,
Are there any plans to move to OAuth2 and include the “state” param? If so, can you please let us know an ETA.