The redirect URL must be an absolute URL, for security reasons.
Sometimes it is desirable to have many pages with a login option. For this you can use a generic redirect page, redirecting back to the originating page. This can be achieved using the 'state'.
The state contains the path. Without host, to prevent XSS attacks.
In this example the state is actually a base64 encoded stringified JSON object. This way it can contain more data, like a unique identifier to prevent CSRF attacks.