Question
· Feb 14

Error message “Invalid CSRF token”

Hello, community!

I am working on implementing OAuth 2.0 authentication in InterSystems IRIS and need to correctly define a CSRF token that will be validated by OAuth.Response. However, I am having trouble finding a clear method to configure the CSRF token correctly.

So far, I have tried:

  • Setting the CSRF token in the request header.
  • Inserting the CSRF token via InsertCookie.

Despite these attempts, I haven’t been successful. On the OAuth.Response page, the CSRF token is empty, and I get the error message “Invalid CSRF token” because the csrfToken is empty.

If csrfToken '= state { $$$ThrowStatus($$$ERROR($$$OAuth2ResponseError, "Invalid CSRF token")) }

Has anyone faced a similar issue or could suggest the best approach to configure the CSRF token for validation by OAuth.Response?

Any guidance or insights would be greatly appreciated!

Thank you in advance for your help!

Product version: IRIS 2024.3