Decrypt and validate OAuth state payload — state_payload_decrypt_validate • shinyOAuth

Internal utility that decrypts the encrypted state payload using the client's state_key, then validates freshness and client binding.

Usage

state_payload_decrypt_validate(client, encrypted_payload, shiny_session = NULL)

Arguments

client: OAuthClient instance
encrypted_payload: Encrypted state payload string received via the state query parameter.
shiny_session: Optional pre-captured Shiny session context (from capture_shiny_session_context()) to include in audit events. Used when calling from async workers that lack access to the reactive domain.

Value

A named list payload (state, client_id, redirect_uri, scopes, provider, issued_at) on success; otherwise throws an error via err_invalid_state().