@Override public String extractAuthCodeFromAuthResponse(@NonNull String redirectURLwithParams) throws OAuthException { // parse the redirectURL try { URL redirectURLObject = new URL(redirectURLwithParams); UrlEncoded urlEncoded = new UrlEncoded(redirectURLObject.getQuery()); String stateFromRedirectURL = urlEncoded.getValue(STATE, 0); // may contain multiple... if (stateFromRedirectURL == null) { if (persistedParams.state == null) { // This should not happen as the state is usually set return urlEncoded.getValue(CODE, 0); } // else throw new OAuthException(String.format("state from redirectURL is incorrect. Expected: %s Found: %s", persistedParams.state, stateFromRedirectURL)); } else { if (stateFromRedirectURL.equals(persistedParams.state)) { return urlEncoded.getValue(CODE, 0); } // else throw new OAuthException(String.format("state from redirectURL is incorrect. Expected: %s Found: %s", persistedParams.state, stateFromRedirectURL)); } } catch (MalformedURLException e) { throw new OAuthException("Redirect URL is malformed", e); } }