[Request] Add state parameter to authorisation endpoint

I have been integrating with Trello using the API using https://developers.trello.com/page/authorization#section-1authorize-route-options.

A state parameter similar to OAuth2 (https://tools.ietf.org/html/rfc6749#section-4.1.1) would be very useful to be able to tie the redirected url back to the original client making the request. As mentioned in that RFC, it would also increase the security of the endpoint by helping to prevent CSRF attacks.

Great request. It makes sense to me.

I’ll pass along to the team and see if they have any feedback. It is likely to make its way into our backlog, but might be something we could prioritize in the future. I’ll certainly let you know if I have any updates.

1 Like