Okta Custom Callback Route - Configuring State Param


I am following this information in order to define a custom state in the params in order to redirect to one of many redirect URIs.

I was wondering if I can configure the state to hold a UUID string or a URI parameter in order to redirect appropriately to Okta’s own hosted login back after the authorization callback is called. It would be nice to also add a {key1: value1, key2: value2} as well to that state if possible by encoding it as my own JWT as a state. I understand JWT is a future feature for Flask but has not been released yet.

I can see a CSRF token implemented on the callback route from Okta and wanted to add in an additional token in the headers or using the state param in the POST payload back to Okta’s hosted sign in page.

Here is the state that I am referring to:

If using below can be added as a state as well let me know. I don’t see User() defined and I am assuming it’s just a class based OOP model with these attributes.

user = User(
        id_=unique_id, name=user_name, email=user_email

These are all server side rendered calls as I have multiple redirects to choose from upon successful login based on the payload. I was told to use either a web hook or access policies which does not find the direction the team wants to go from.