kinde-oss · Koosha-Owji · Aug 21, 2025
diff --git a/lib/KindeClientSDK.php b/lib/KindeClientSDK.php
@@ -834,15 +834,15 @@ private function getProtocol()
     /**
      * Checks the authentication state against the provided state from the server.
      *
-     * @param string $stateServer The state received from the server.
+     * @param string|null $stateServer The state received from the server, or null if missing.
      *
      * @throws OAuthException If the authentication state is empty or does not match the provided state.
      */
-    private function checkStateAuthentication(string $stateServer)
+    private function checkStateAuthentication(?string $stateServer)
     {
         $storageOAuthState = $this->storage->getState();
 
-        if (empty($storageOAuthState) || $stateServer != $storageOAuthState) {
+        if (empty($stateServer) || empty($storageOAuthState) || $stateServer !== $storageOAuthState) {
             throw new OAuthException("Authentication failed because it tries to validate state");
         }
     }

diff --git a/test/Sdk/KindeClientSDK.php b/test/Sdk/KindeClientSDK.php
@@ -506,11 +506,11 @@ private function getProtocol()
         return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http";
     }
 
-    private function checkStateAuthentication(string $stateServer)
+    private function checkStateAuthentication(?string $stateServer)
     {
         $storageOAuthState = $this->storage->getState();
 
-        if (empty($storageOAuthState) || $stateServer != $storageOAuthState) {
+        if (empty($stateServer) || empty($storageOAuthState) || $stateServer !== $storageOAuthState) {
             throw new OAuthException("Authentication failed because it tries to validate state");
         }
     }