I am writing a customized identity provider SPI by extending AbstractOAuth2IdentityProvider. However, I faced a problem that the external IDP does not accept “state” parameter larger than 36 characters while “state” cannot be null in AbstractOAuth2IdentityProvider.Endpoint.authResponse.
In the IdentityBrokerState class, the encodedState = state + “.” + tabId + “.” + clientIdEncoded; which is much larger than 36 characters which causes the problem. As I know, these information will be used to look up the session for the user when IDP callback with authorization_code and encodedState.
The External IDP is unchangeable as it owns by other authorities. How can I customize the identity Provider SPI for this specification? I am hard-stuck in this situation. Any help is appreciated.