Using JWT tokens for encoding/decoding/validation of state params carried throughout the OIDC/OAuth2 flow.
Validating of integrity is crucial, as this piece of information contains the ID of the OIDC client to continue with when Gitpod receives the callback from a 3rd party. Tests should show that expiration time is checked and signature validation is effective.
