Hi @mahmut.surekci,
Thank you for your reply.
After resolving the issue with you via direct messages, I am sharing the solution here to help the rest of the Community.
Having investigated the HAR file carefully, I could not find any errors or issues with authentication. Both the /authorize request and the callback URL seem to be functioning without any problems.
The HAR file clearly shows that an initial request was made to the /authorize endpoint. Subsequently, the login transaction was successful and the user was redirected back to the callback URL, also without any issues.
Moreover, I have verified that the state parameter passed to the /authorize endpoint matches the one returned in the callback URL. Therefore, I can confirm that the state values are consistent.
In my research, I found that the allowed length for the state parameter value is not unlimited. Hence, using a three-character string for the state, as observed in your HAR file, should not cause any problems.
(Reference: Prevent Attacks and Redirect Users with OAuth 2.0 State Parameters)
In this case, I recommend logging in using the loginWithRedirect() method. This should generate the state parameter on your behalf and guarantee that it does not lose context throughout the transaction.
Thanks,
Rueben
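
The state comparison described in the post above can be scripted against a HAR export. This is an added example, not part of the original post and not Auth0 code; the function name `checkStateRoundTrip`, the hosts `tenant.example` and `app.example`, and the sample HAR are constructed for illustration.

```javascript
// Constructed sample HAR (only the fields the check reads); hosts are placeholders.
const sampleHar = { log: { entries: [
  { request: { method: "GET", url: "https://tenant.example/authorize?client_id=CLIENT_ID" +
      "&response_type=code&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback&state=abc" } },
  { request: { method: "GET", url: "https://tenant.example/login?state=internal" } },
  { request: { method: "GET", url: "https://app.example/callback?code=CODE_PLACEHOLDER&state=abc" } },
] } };

// Walk the HAR in capture order, record every state value sent to the
// /authorize endpoint, and classify each request to the callback URL by
// whether its state was issued earlier in the same capture.
function checkStateRoundTrip(har, callbackUrl, authorizePath = "/authorize") {
  const cb = new URL(callbackUrl);
  const issued = new Set();
  const callbacks = [];

  for (const entry of har.log.entries) {
    let url;
    try {
      url = new URL(entry.request.url);
    } catch {
      continue; // skip entries whose URL cannot be parsed
    }

    if (url.pathname === authorizePath) {
      const sent = url.searchParams.get("state");
      if (sent !== null) issued.add(sent);
    } else if (url.origin === cb.origin && url.pathname === cb.pathname) {
      const returned = url.searchParams.get("state");
      callbacks.push({
        state: returned,
        error: url.searchParams.get("error"), // error code, if the login failed
        verdict: returned === null ? "missing"
               : issued.has(returned) ? "match"
               : "unknown-state", // callback state never sent to /authorize
      });
    }
  }
  return { issued: [...issued], callbacks };
}

console.log(checkStateRoundTrip(sampleHar, "https://app.example/callback"));
```

A `missing` or `unknown-state` verdict means the callback did not carry a state value that the captured /authorize request sent.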