I am new to OAuth2-proxy, I am using it with keyclock to secure our backend, ouath2-proxy generate CSRF token as cookie which is not recommended by OWSAP can anyone explain why it is implemented using cookie. Additionally, it isonly used in callback request and not in subsequent requests what is the logic behind that?
