[Request] Add state parameter to authorisation endpoint

JulianCarrivick · January 22, 2020, 1:41am

I have been integrating with Trello using the API using Redirecter.

A state parameter similar to OAuth2 (RFC 6749: The OAuth 2.0 Authorization Framework) would be very useful to be able to tie the redirected url back to the original client making the request. As mentioned in that RFC, it would also increase the security of the endpoint by helping to prevent CSRF attacks.

bentley · January 28, 2020, 4:09pm

Great request. It makes sense to me.

I’ll pass along to the team and see if they have any feedback. It is likely to make its way into our backlog, but might be something we could prioritize in the future. I’ll certainly let you know if I have any updates.

FredricLundberg · February 5, 2024, 5:25pm

any progress with the “state” parameter?