Oauth Requests dropping extra query params, adding state=''

We’ve been using our infusionSoft integration for years with no issues during the setup process, we’re able to pass all the params we need to ifs to get an access token by redirecting like this:

Recently the response from accounts.infusionsoft.com seems to have changed and we no longer get any of those extra query params to pass through to our server. Instead of getting a get request to https://{ourApplication}/api/infusionSoft/{userId}?code={code}&scope=full%7Ctest.infusionsoft.com&clientId={ourClientId} we just get https://{ourApplication}/api/infusionSoft/{userId}?code={code}&scope=full%7Ctest.infusionsoft.com&state=''

  1. What is “State”. Why was it added as a parameter to this process?
  2. Where did the redirectURL and ClientID go that infusionSoft used to include in the request to our server?

I could be mistaken but I don’t think we have ever sent the client_id back on the redirect. Also that isn’t to spec. The state param is part of the OAuth spec as well and it is for clients to pass a state with the authorization and you will receive it back. This is used for tying the response from us to your original request so you know what user on your end the authorization code is for. It is optional, but a fair number of people send us a state param. I will check our stuff though on my you received a state param with ''

Is this something you have noticed recently like in the last couple days?