diff --git a/src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java b/src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java
index b4c70bcf..85e1a58b 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java
@@ -50,15 +50,16 @@ public AuthAmazonRequest(AuthConfig config, AuthStateCache authStateCache) {
 */
 @Override
 public String authorize(String state) {
+ String realState = getRealState(state);
 UrlBuilder builder = UrlBuilder.fromBaseUrl(source.authorize())
 .queryParam("client_id", config.getClientId())
 .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthAmazonScope.values())))
 .queryParam("redirect_uri", config.getRedirectUri())
 .queryParam("response_type", "code")
- .queryParam("state", getRealState(state));
+ .queryParam("state", realState);

 if (config.isPkce()) {
- String cacheKey = this.source.getName().concat(":code_verifier:").concat(config.getClientId());
+ String cacheKey = this.source.getName().concat(":code_verifier:").concat(realState);
 String codeVerifier = PkceUtil.generateCodeVerifier();
 String codeChallengeMethod = "S256";
 String codeChallenge = PkceUtil.generateCodeChallenge(codeChallengeMethod, codeVerifier);
@@ -86,7 +87,7 @@ public AuthToken getAccessToken(AuthCallback authCallback) {
 form.put("client_secret", config.getClientSecret());

 if (config.isPkce()) {
- String cacheKey = this.source.getName().concat(":code_verifier:").concat(config.getClientId());
+ String cacheKey = this.source.getName().concat(":code_verifier:").concat(authCallback.getState());
 String codeVerifier = this.authStateCache.get(cacheKey);
 form.put("code_verifier", codeVerifier);
 }
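Review bot: The verifier cache key is assembled by hand in the PKCE branch of authorize and again in getAccessToken (second hunk), so the write and the read only agree as long as both `concat` chains are edited together. A small private helper such as `private String codeVerifierKey(String state) { return source.getName() + ":code_verifier:" + state; }`, called from both places, would keep them in step. The reason for the new key also deserves a comment on the `cacheKey` line, for example `// keyed by state, not client_id: concurrent logins for one client must not overwrite each other's code_verifier`. authorize continues past the end of the hunk, so the cache write and its expiry are not visible here.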
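Review bot: `authCallback.getState()` comes from the callback request and is passed straight to `concat` in the PKCE branch, so a callback that arrives without a state fails with a NullPointerException instead of a controlled authentication error. Whether the state was validated before getAccessToken is called cannot be seen from this hunk, and the method starts outside it. A state that is unknown or whose entry has expired also leaves `codeVerifier` unset (presumably null) and it is still put into the form. I would reject both cases before building the request, for example `if (codeVerifier == null) { throw new AuthException("no PKCE code_verifier cached for this state"); }` after the cache lookup, with a matching empty-state check before the key is built; AuthException here is assumed to be the project's existing exception type.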