login?state=が固定されている

[eai04191]

littlify/packages/client/src/component/SpotifyLoginButton.tsx

Line 9 in 3023b1b

href={`${process.env.SERVER_URI}/v1/#?state=hogehoge`}

State

Optional, but strongly recommended.
The state can be useful for correlating requests and responses. Because your redirect_uri can be guessed, using a state value can increase your assurance that an incoming connection is the result of an authentication request. If you generate a random string, or encode the hash of some client state, such as a cookie, in this state variable, you can validate the response to additionally ensure that both the request and response originated in the same browser. This provides protection against attacks such as cross-site request forgery. See RFC-6749.
https://developer.spotify.com/documentation/general/guides/authorization-guide/

セキュリティのために適当な文字列を動的に作成して使うべき