For Developers

Maintaining SSO Security

Checking State During Auth

If you aren't doing it already, it's considered a good security practice to set the state parameter during the OAuth 2.0 flow. Doing so can protect against cross-site request forgery attacks.

We cover this in our guide on the user authorization flow.