I'm trying to use app.UseOAuthAuthentication(), however it seems to be having issues with the system I'm integrating with.

They have a system where links are clicked in their portal and users are directed to my application with the code already in-hand. I think in this sense, I'm beginning the oauth2 flow somewhat half way through, although it still abides by standards.

Is there any way to tell the middleware to not require a state parameter or is this something that needs to be added as an optional feature?

I don't remember how I solved at end, but I think it worked as I wrote!