[Enhancement] Add state Parameter to OAuth2 Authorization Flow #1

@lcox74

Description

Currently, requests to the /v1/oauth2/authorize endpoint via the Auth SDK do not include a state parameter. This omission poses a potential security risk and reduces our ability to verify that the redirect response originated from the client’s original authorization request.

Proposed Change

Update the Auth SDK to handle state generation, inclusion, and validation automatically. This includes creating a new error as well.

Implementation Notes

  • Some end-to-end tests may break because of this change, and we should add some tests to ensure that it does verify the state field.
  • Keep the state value concise; around 10–12 characters is sufficient.
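
The following is an added illustration of the proposed change and is not code from the Auth SDK or from the issue author. It shows the three pieces the proposal calls for in one place: issuing a random state when the `/v1/oauth2/authorize` URL is built, binding it to the client_id and redirect_uri of that request, and checking it single-use (with an expiry) before the callback's `code` or `error` is trusted, raising a dedicated error on any mismatch. `StateStore`, `StateMismatchError`, `build_authorize_url`, `handle_callback`, the base URL and the callback URLs are hypothetical names and constructed inputs; the in-memory store stands in for whatever session storage the SDK actually uses.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoint named in the issue; the base URLs used below are constructed placeholders.
AUTHORIZE_PATH = "/v1/oauth2/authorize"


class StateMismatchError(Exception):
    """The new error the issue asks for (hypothetical name): the callback's
    state is missing, was never issued, was already consumed, or has expired."""


class StateStore:
    """Single-use store of pending state values (hypothetical helper).

    In-memory for the example; a real SDK would keep this in the user's
    server-side session so a state is only valid for the browser that
    started the flow, not for any caller who learns the value.
    """

    def __init__(self, ttl_seconds=600, now=time.time):
        self._ttl = ttl_seconds
        self._now = now          # injectable clock so expiry can be tested
        self._pending = {}       # state -> (issued_at, client_id, redirect_uri)

    def issue(self, client_id, redirect_uri, state_bytes=9):
        # 9 random bytes -> 12 URL-safe characters (~72 bits of entropy),
        # matching the 10-12 character guidance; raise state_bytes for more.
        state = secrets.token_urlsafe(state_bytes)
        self._pending[state] = (self._now(), client_id, redirect_uri)
        return state

    def consume(self, state):
        """Return (client_id, redirect_uri) bound to state, exactly once."""
        if not state:
            raise StateMismatchError("callback is missing the state parameter")
        entry = self._pending.pop(state, None)   # pop: a replayed state fails
        if entry is None:
            raise StateMismatchError("state was not issued by this client or was already used")
        issued_at, client_id, redirect_uri = entry
        if self._now() - issued_at > self._ttl:
            raise StateMismatchError("state has expired")
        return client_id, redirect_uri


def build_authorize_url(base_url, client_id, redirect_uri, scope, store):
    """Build the /v1/oauth2/authorize request with a freshly issued state."""
    state = store.issue(client_id, redirect_uri)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return f"{base_url.rstrip('/')}{AUTHORIZE_PATH}?{urlencode(params)}", state


def handle_callback(callback_url, store):
    """Validate the redirect back from the authorization server.

    The state is checked before anything else in the query is trusted, so an
    attacker-supplied `code` (or an `error`) never reaches the token exchange
    unless it is bound to a request this client actually made.
    """
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [None])[0]
    client_id, redirect_uri = store.consume(state)
    if "error" in query:
        raise RuntimeError(f"authorization server returned error: {query['error'][0]}")
    code = query.get("code", [None])[0]
    if code is None:
        raise RuntimeError("callback is missing the authorization code")
    # The caller exchanges `code` at the token endpoint using the same
    # client_id/redirect_uri the state was bound to.
    return code, client_id, redirect_uri


if __name__ == "__main__":
    store = StateStore()
    url, state = build_authorize_url(
        "https://auth.example", "demo-client", "https://app.example/cb", "openid", store)
    print("authorize:", url)
    # Constructed callback, as the browser would be redirected after login.
    callback = f"https://app.example/cb?code=abc123&state={state}"
    print("callback ok:", handle_callback(callback, store))
    try:
        handle_callback(callback, store)      # second delivery of the same redirect
    except StateMismatchError as exc:
        print("replay rejected:", exc)
```

For the end-to-end tests mentioned above, the cases worth covering are the ones `consume` distinguishes: a callback with no state, a state the client never issued, the same callback delivered twice, and a state older than the TTL; each should surface as the new error rather than proceeding to the token exchange.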
