diff --git a/example/server/storage/oidc.go b/example/server/storage/oidc.go
index 22c0295f..c04877f1 100644
--- a/example/server/storage/oidc.go
+++ b/example/server/storage/oidc.go
@@ -164,6 +164,15 @@ func authRequestToInternal(authReq *oidc.AuthRequest, userID string) *AuthReques
 	}
 }
 
+type AuthRequestWithSessionState struct {
+	*AuthRequest
+	SessionState string
+}
+
+func (a *AuthRequestWithSessionState) GetSessionState() string {
+	return a.SessionState
+}
+
 type OIDCCodeChallenge struct {
 	Challenge string
 	Method    string
diff --git a/pkg/op/auth_request_test.go b/pkg/op/auth_request_test.go
index 765e6023..11bf1e9b 100644
--- a/pkg/op/auth_request_test.go
+++ b/pkg/op/auth_request_test.go
@@ -1090,6 +1090,34 @@ func TestAuthResponseCode(t *testing.T) {
 				wantBody:           "",
 			},
 		},
+		{
+			name: "success with state and session_state",
+			args: args{
+				authReq: &storage.AuthRequestWithSessionState{
+					AuthRequest: &storage.AuthRequest{
+						ID:            "id1",
+						TransferState: "state1",
+					},
+					SessionState: "state2",
+				},
+				authorizer: func(t *testing.T) op.Authorizer {
+					ctrl := gomock.NewController(t)
+					storage := mock.NewMockStorage(ctrl)
+					storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
+
+					authorizer := mock.NewMockAuthorizer(ctrl)
+					authorizer.EXPECT().Storage().Return(storage)
+					authorizer.EXPECT().Crypto().Return(&mockCrypto{})
+					authorizer.EXPECT().Encoder().Return(schema.NewEncoder())
+					return authorizer
+				},
+			},
+			res: res{
+				wantCode:           http.StatusFound,
+				wantLocationHeader: "/auth/callback/?code=id1&session_state=state2&state=state1",
+				wantBody:           "",
+			},
+		},
 		{
 			name: "success without state", // reproduce issue #415
 			args: args{