I try to get an authorization token using the OAuth functionality in httr2 using pseudo-oob (another reference). I am almost there, but in the final step, when I enter the access token manually in the R console prompt, I also have to enter the “stage” value. Whatever I put in there, I get an error.

This is how the console looks like:

Enter authorization code or URL: xxxx
Enter state parameter: xxxx
Error in `oauth_flow_auth_code_read()`:
! Authentication failure: state does not match

I tried to narrow down the cause of this error and I found out that I am unable to pass a state value to the oauth_flow_auth_code_url function. The code (reproducible example) is as follows:

if (!require("httr2")) {
  install.packages("httr2")
  install.packages("httpuv")
}

library("httr2")

debug(oauth_flow_auth_code_url)

req1 <- request("https://google.com/")

client <- oauth_client(
  id = "id-123",
  token_url = "https://google.com/token",
  secret = "the-sectret-123",
  key = NULL,
  auth = c("body", "header", "jwt_sig")[2],
  auth_params = list(state = "abcdefgh")
)

req2 <- req_oauth_auth_code(
  req = req1,
  client = client,
  auth_url = "https://google.com/token",
  scope = NULL,
  pkce = TRUE,
  auth_params = list(state = "abcdefgh"),
  token_params = list(state = "abcdefgh"),
  redirect_uri = "https://google.com/callback",
  cache_disk = FALSE,
  cache_key = NULL
)

req_dry_run(req2)
req_perform(req2)

As you can see, I tried to specify the state paramter multiple times (list(state = "abcdefgh")) as suggested by the documentation for the function.

When you execute the code above, you will find yourself in debug mode within the function oauth_flow_auth_code_url. Then, execute print(state) in the R console and you will notice that the value of the state is not "abcdefgh" but a random string.

Am I getting something wrong here? Any hints? Thank you in advance!