Checking State During Auth
If you aren't doing it already, it's considered a good security practice to set the state parameter during the OAuth 2.0 flow. Doing so can protect against cross-site request forgery attacks.
We cover this in our guide on the user authorization flow.