We experience some broken social login support in 13.5 for FB (as the on we play with), the redirect URI is broken like this.
The FB login icon opens this link:
The org.forgerock.openam.authentication.modules.oauth2.OAuth#process sets the "ORIG_URL" cookie value to something like /openam?goto=.... forwards the browser to Facebook.
When the Facebook redirects back to OAuthProxy.jsp the org.forgerock.openam.authentication.modules.oauth2.OAuthProxy combines the stored value with the query parameters code=…&state=... and redirects to /openam?goto=....
OPENAM-9597 issue is resolved the combined URL contains the state parameter twice which cause the problem with org.forgerock.oauth2.core.DuplicateRequestParameterValidator