Optional iss?: string
The identifier of the authorization server which the client can use to prevent mixup attacks, if the client interacts with more than one authorization server. See [RFC9207] for additional details on when this parameter is necessary, and how the client can use it to prevent mixup attacks.
Source: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-06#section-4.1.2
Optional state?: string
Required if the state parameter was present in the client authorization request. The exact value received from the client.
Source: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-06#section-4.1.2
Static from
Optional state: string
The authorization code is generated by the authorization server and opaque to the client. The authorization code MUST expire shortly after it is issued to mitigate the risk of leaks. A maximum authorization code lifetime of 10 minutes is RECOMMENDED. The client MUST NOT use the authorization code more than once. If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all access tokens and refresh tokens previously issued based on that authorization code. The authorization code is bound to the client identifier, code challenge and redirect URI.
Source: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-06#section-4.1.2
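The following sketch shows how an authorization server could enforce the rules above when a code is redeemed: expiry, single use with revocation on replay, and binding to the client identifier, code challenge and redirect URI. It is an added example, not code from this library; `CodeStore` and every other name are hypothetical, the store is in memory, the token value is a constructed placeholder, and the caller is assumed to have recomputed the challenge from the presented `code_verifier`.

```typescript
// Added illustration; CodeStore and all names here are hypothetical.
const MAX_LIFETIME_MS = 10 * 60 * 1000; // RECOMMENDED maximum code lifetime

type Grant = {
  clientId: string;
  redirectUri: string;
  codeChallenge: string;
  expiresAt: number; // ms timestamp
  used: boolean;
  tokens: string[]; // tokens issued on the basis of this code
};
type RedeemResult = { ok: boolean; token?: string; error?: string };

class CodeStore {
  private grants = new Map<string, Grant>();
  readonly revoked = new Set<string>();

  issue(code: string, clientId: string, redirectUri: string,
        codeChallenge: string, now: number): void {
    this.grants.set(code, { clientId, redirectUri, codeChallenge,
      expiresAt: now + MAX_LIFETIME_MS, used: false, tokens: [] });
  }

  // `derivedChallenge` is the challenge the caller recomputed from the
  // presented code_verifier (assumed to be done before this call).
  redeem(code: string, clientId: string, redirectUri: string,
         derivedChallenge: string, now: number): RedeemResult {
    const deny: RedeemResult = { ok: false, error: "invalid_grant" };
    const g = this.grants.get(code);
    if (!g) return deny;
    if (g.used) {
      // Second use: deny and revoke everything issued from this code.
      g.tokens.forEach((t) => this.revoked.add(t));
      return deny;
    }
    if (now >= g.expiresAt) {
      this.grants.delete(code); // expired codes are dropped
      return deny;
    }
    if (g.clientId !== clientId || g.redirectUri !== redirectUri ||
        g.codeChallenge !== derivedChallenge) return deny;
    g.used = true; // single use: the code is now consumed
    const token = `constructed-token-for-${code}`; // placeholder, not random
    g.tokens.push(token);
    return { ok: true, token };
  }
}
```

A used code is kept in the store rather than deleted so that a later replay can be recognised and the tokens derived from it revoked.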