Hi @liam2
Thanks for contacting Auth0 Community.
You are correct in that /login will use a different state but once you authenticate the original state will be returned to your callback url. e.g If I use the authorization code flow as below:
https://your-domain/authorize?&
response_type=code&
client_id=your-client-id&
redirect_uri=https://jwt.io&
scope=openid+email&
state=abc123state
/login uses something like:
state=hKFo2SBEeF84TmtIRk9NZzZLTE...
After authenticating successfully I am returned to my callback url with original state:
Can you share which flow you were using?
Warm regards.