couldn't figure out how to parse the below authentication stuff which i didn't find them anywhere, i would like to use them as headers once they found.

There is a "state" token that I I can't figure out how it's being generated. I wonder if there is an OAuth 2 expert at premier who could help with figuring it out

I think this is saying that the FIRST random state variable is generated by the client and sent to the server on the URL. https://auth0.com/docs/secure/attack-protection/state-parameters

Then the server sends it back and we then add it to the header on subsequent requests.

Below are the URL params for the FIRST auth request. state and nonce are the same, generated by java script in the browser. I think is can be any random string. I don't know where challenge_code comes from yet.

    "response_type"             := "code",
    "client_id"                 := "oc_hrpadmin",
    "state"                     := "ZEVSTElkR2JsVWNVbHI4UGJ6aWVNaFc1MExvckcyeFVCVmppcE5PV2IydGxHsemicolon%2F",
    "redirect_uri"              := "">hrpadminqa.premierinc.com",
    "scope"                     := "openid profile entityOrgCodeHRP",
    "code_challenge"            := "i1b3pu7oeDhROj7d1gBbZbPcUH10gTpzchiRMMm2uJY",
    "code_challenge_method"     := "S256",
    "nonce"                     :=