Hi there!

I'm working on a OAuth 2.0 integration with Jira. I'm able to start the dance and accept the required scopes in Jira via popup window but the state parameter is altered in between making my request fail.

Popup opening request:

https://auth.atlassian.com/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=read%3Ajira-work+write%3Ajira-work+offline_access&state=orgId%3D00Dxx00ydXEbnlg%26data%3DAxx0000005J2uWcxLWrdrKZgtfewLWe2WrLZam96HSgZr2c1WGt609yFWMm4Aa%252F20w7dgzwophiZldOrsVrxcTfe7mb4PNUEvvNJaKatuz6YiUPS8AVitK1wTeayUl5vGW9ks0y549NdHlPwlhVPqevTrfjewlAWFYN9BEJnecY33qwZve9f4VzXZODAY77P91xXxr57yGhM%252FXdeqD3xicJ7gfiB8dGn9uhIJAwISUOKAqpbz0VdC706hQuXTJwk%252F8b%252FKgJbCIhkemodEAcDUyDLfTs9RZRcoeELLDR5vrCoZILosTGiROCzVSGA6D72JbuMhEITIEV%252Fd%26id%3D02Gxx0000005J4W%26sig%3D1weHJdehSXg87W7O67Wx5%252FPMdG877jY5WdA6Y%252FE694Y%253D&audience=api.atlassian.com&prompt=consent

Callback request:

https://TARGET_SYSTEM/callback?state=orgId%3D00Dxx00ydXEbnlg%26data%3DAxx0000005J2uWcxLWrdrKZgtfewLWe2WrLZam96HSgZr2c1WGt609yFWMm4Aa%2F20w7dgzwophiZldOrsVrxcTfe7mb4PNUEvvNJaKatuz6YiUPS8AVitK1wTeayUl5vGW9ks0y549NdHlPwlhVPqevTrfjewlAWFYN9BEJnecY33qwZve9f4VzXZODAY77P91xXxr57yGhM%2FXdeqD3xicJ7gfiB8dGn9uhIJAwISUOKAqpbz0VdC706hQuXTJwk%2F8b%2FKgJbCIhkemodEAcDUyDLfTs9RZRcoeELLDR5vrCoZILosTGiROCzVSGA6D72JbuMhEITIEV%2Fd%26id%3D02Gxx0000005J4W%26sig%3D1weHJdehSXg87W7O67Wx5%2FPMdG877jY5WdA6Y%2FE694Y%3D&code=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI4ZjJhYzMwMi00OTIxLTRlNzgtYjY4MS0yZDFjZGI1MzZhYWYiLCJzdWIiOiI1NTcwNTg6NDk0ZDU4MGYtNzM4ZC00YTI3LTkzMTEtY2JmMThkMjY3OWU4IiwibmJmIjoxNzMwMTQzMTEyLCJpc3MiOiJhdXRoLmF0bGFzc2lhbi5jb20iLCJpYXQiOjE3MzAxNDMxMTIsImV4cCI6MTczMDE0MzQxMiwiYXVkIjoiaUdUQUM2YjFuVlBkVktJN3lKVjJGbFVJYXFBanZsN1AiLCJjbGllbnRfYXV0aF90eXBlIjoiUE9TVCIsImh0dHBzOi8vaWQuYXRsYXNzaWFuLmNvbS92ZXJpZmllZCI6dHJ1ZSwiaHR0cHM6Ly9pZC5hdGxhc3NpYW4uY29tL3VqdCI6IjhmMmFjMzAyLTQ5MjEtNGU3OC1iNjgxLTJkMWNkYjUzNmFhZiIsInNjb3BlIjpbInJlYWQ6amlyYS13b3JrIiwib2ZmbGluZV9hY2Nlc3MiLCJ3cml0ZTpqaXJhLXdvcmsiXSwiaHR0cHM6Ly9pZC5hdGxhc3NpYW4uY29tL2F0bF90b2tlbl90eXBlIjoiQVVUSF9DT0RFIiwiaHR0cHM6Ly9pZC5hdGxhc3NpYW4uY29tL2hhc1JlZGlyZWN0VXJpIjp0cnVlLCJodHRwczovL2lkLmF0bGFzc2lhbi5jb20vc2Vzc2lvbl9pZCI6IjYxZDgxNjIxLThlYzItNGM4ZC1hMWYxLTJmZTRhNmQyNDYyZSIsImh0dHBzOi8vaWQuYXRsYXNzaWFuLmNvbS9wcm9jZXNzUmVnaW9uIjoidXMtZWFzdC0xIn0.5ZOSOtLIsHiyoqJOJfvMsIYe7o8TSZzJV9tAKGvw9NM

State param from target system to Jira:

orgId%3D00Dxx00ydXEbnlg%26data%3DAxx0000005J2uWcxLWrdrKZgtfewLWe2WrLZam96HSgZr2c1WGt609yFWMm4Aa%252F20w7dgzwophiZldOrsVrxcTfe7mb4PNUEvvNJaKatuz6YiUPS8AVitK1wTeayUl5vGW9ks0y549NdHlPwlhVPqevTrfjewlAWFYN9BEJnecY33qwZve9f4VzXZODAY77P91xXxr57yGhM%252FXdeqD3xicJ7gfiB8dGn9uhIJAwISUOKAqpbz0VdC706hQuXTJwk%252F8b%252FKgJbCIhkemodEAcDUyDLfTs9RZRcoeELLDR5vrCoZILosTGiROCzVSGA6D72JbuMhEITIEV%252Fd%26id%3D02Gxx0000005J4W%26sig%3D1weHJdehSXg87W7O67Wx5%252FPMdG877jY5WdA6Y%252FE694Y%253D

State param from Jira to target system:

orgId%3D00Dxx00ydXEbnlg%26data%3DAxx0000005J2uWcxLWrdrKZgtfewLWe2WrLZam96HSgZr2c1WGt609yFWMm4Aa%2F20w7dgzwophiZldOrsVrxcTfe7mb4PNUEvvNJaKatuz6YiUPS8AVitK1wTeayUl5vGW9ks0y549NdHlPwlhVPqevTrfjewlAWFYN9BEJnecY33qwZve9f4VzXZODAY77P91xXxr57yGhM%2FXdeqD3xicJ7gfiB8dGn9uhIJAwISUOKAqpbz0VdC706hQuXTJwk%2F8b%2FKgJbCIhkemodEAcDUyDLfTs9RZRcoeELLDR5vrCoZILosTGiROCzVSGA6D72JbuMhEITIEV%2Fd%26id%3D02Gxx0000005J4W%26sig%3D1weHJdehSXg87W7O67Wx5%2FPMdG877jY5WdA6Y%2FE694Y%3D

When my target system validates the state parameter rejects it saying that it has been tampered.

I found this tow similar cases, but weren't helpful for my problem:

• Case one
• Case two

Does anyone have any clues? 

Thanks!