Question about app state and code verifier

Do I need to have a unique app state and code verifier for each OIDC Auth Code Flow request/sign-in?
The samples that were provided by OKTA for Python did not seem to a unique value for each request, but:

  • those were only sample applications to help get one started
  • I did not extensively test this with many simultaneous users

What I have does seem to work, during my very limited testing, but it may not be correct.
What would be the problem of setting these values at application start up?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.