During testing with "Authelia" it turned out that the the STATE parameters is a mandatory request parameter in the OIDC Authorization request. (even with PKCE enabled)
Added this parameter as a random value. It is not verified during the callback processing. The PKCE verification should be sufficient.
During testing with "Authelia" it turned out that the the STATE parameters is a mandatory request parameter in the OIDC Authorization request. (even with PKCE enabled) Added this parameter as a random value. It is not verified during the callback processing. The PKCE verification should be sufficient.