Zoom apps install mechanism

I am going through the sample code zoomapps-sample-js. It has implemented several url endpoints:

/install - this is invoked when the user wants to install the app from my website. It makes a call to zoom.us/oauth/authorize

/auth - invoked by a redirect from a call to “https://zoom.us/oauth/authorize”. When this redirect is happening, it supplies GET parameters “code” and “state”, furthermore there is a “verifier” stored inside req.session, and the code explicitly checks if “verifier” and “state” are present and state has a specific value.

However, the zoom apps dev page also allows installing the app from there (“Add” button from the “Activation” page). Once clicked, it redirects to /auth endpoint of my backend, supplying only “code” GET parameter (no state, and obviously no verifier is stored in the session).
Having no verifier, I am unable to request token and then generate a deeplink to open Zoom app.

What is the procedure for installing the app in this second manner?
Thank you

@NickDev Good question! At this time, we don’t support the Add button from the marketplace because as you’ve noticed it does not support the state or PKCE. This is something that we’ll look into fixing going forward.