The currentState cannot just be passed as parameter in the URL Because the URL-length is limited. Therefore, we keep it in localStorage.
The RedirectUrl has to be the same for all call to the issuer Because the authentication is given for a specific redirectUrl. Therefore, we keep it in localStorage.
ProtectedhandleProtectedloggedStaticget
Code verifier for Authorization Code Grant with Proof Key for Code Exchange (PKCE) It has to be the same when coming back from the issuer after a redirect Therefore, we keep it in localStorage.