Azure B2C State Mismatch Error with http localhost

The state mismatch occurs because the OAuth state cookie isn't sent during the cross-site redirect from Azure B2C. For cross-site redirects, you need SameSite=None with Secure=true, which requires HTTPS.