[BUG OAUTH] - Missing state parameters in dev mode only since yesterday

After some research, I figured that OpenAI sends a state parameter when it sends the scope and the redirect_uri.

However, that is not documented. Here’s what the doc says:

  • When a user logs into the plugin, ChatGPT will direct the user’s browser to "[client_url]?response_type=code&client_id=[client_id]&scope=[scope]&redirect_uri=https%3A%2F%2Fchat.openai.com%2Faip%2F[plugin_id]%2Foauth%2Fcallback"

So I’m now appending this state parameter to the redirect_uri just next to the code parameter.

This solves the issue.

The thing is, it seems this state parameter is not documented at all and moreover it was not something blocking before. So I guess many developers are facing this issue now.

@logankilpatrick could you confirm that is something we should do? Since it’s not documented, I don’t want to make a mistake.

3 Likes