I’m a bit confused as to what’s supposed to happen in the step during oauth after redirecting to the callback.
So openAI calls /token, and expects me to return the accesstoken and so on. But I also want the state again here, so I can give it back the token that matches the state. Otherwise anyyone can just POST /token and grab an access token. What am I missing?