Also, how should I generate my state strings? I am thinking that I could put a dummy url in the place of the authorize url, which is then caught by the program that I am running, and redirects to the actual authorize url with a generated state string. IE /twitchlogin redirects to https://id.twitch.tv/oauth2/authorize?response_type=code&client_id=&redirect_uri=<REDIRECT_URI>&scope=openid&state=<GENERATED_STATE>
Does anyone see any problems with this particular method?