Variable: skipStateCheck

May 27, 2025 ยท View on GitHub

๐Ÿ’— Help the project

Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.

โ€ข const skipStateCheck: unique symbol

Warning


This option has security implications that must be understood, assessed for applicability, and accepted before use.

Use this as a value to validateAuthResponse expectedState parameter to skip the state value check when you'll be validating such state value yourself instead. This should only be done if you use a state parameter value that is integrity protected and bound to the browsing session. One such mechanism to do so is described in an I-D draft-bradley-oauth-jwt-encoded-state-09.