Hi,

I have a strange behaviour with an invalid state param.

The server writes the following log, which is correct:
WARN  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-17) No state cookie

After that I receive a 400 error in my browser with the following URL:
https://pcc811.hrms.ch:9443/index.html?code=Q-NK1wwTdqja5XU8lUkNkZnEy40ZdCx2FjC6qslukdc.9ef6b6f7-b888-4a59-b34c-7af6d490614b&state=dc-4d82-b0c9-d434b917dfce

I can load this URL again and than I am successfully logged in.

Is this the correct behaviour?

Best
Michael