Description
Issue and Steps to Reproduce
Here is the flow:
The user enters the application, clicks Submit and gets forwarded to the authorization server in the same tab. The URL to authorize contains the state parameter.
On the AuthServer login screen, the user clicks forgot password, provides an email address and submits. In a few seconds the user gets an email with a link to reset the password. The user clicks the link, which opens a new tab with a form, and on submit the user is forwarded to the application. The callback contains the code and the state parameter, the same as at the beginning of the process.
The application shows the authentication error page with the errors:
- storage[oidc.login.default] is empty, you should have an bad OIDC or code configuration somewhere.
- Error: State not valid (expected: undefined, received: CBY4cjIuYqiqstIO)
I think the key issue is that the second part of the process is continued in the new tab, where there is no state persisted in sessionStorage. But is the lack of state in storage a reason why the flow cannot be continued and get the token?
Before you ask, localStorage is not allowed for security reasons.
I think the flow described is quite standard, so probably I might be doing something wrong.
Versions
```json
"@axa-fr/oidc-client": "^7.24.0",
"@axa-fr/react-oidc": "^7.24.0",
```
Screenshots
Configuration
```ts
export const configurationObj: OidcConfiguration = {
  client_id: env.VITE_AUTH_CLIENT_ID,
  redirect_uri: env.VITE_AUTH_REDIRECT_URI,
  scope: env.VITE_AUTH_SCOPE || 'openid profile email',
  authority: env.VITE_AUTH_AUTHORITY,
  service_worker_only: false,
  demonstrating_proof_of_possession: false,
};
```
Installed packages
```json
"react": "^17.0.2",
"react-router-dom": "^6.2.1",
```