PFA attached document on steps needed to make Layer7 with OTK act as OAuth Provider and Ca SSO as OAuth Client. There is some useful info about OAuthStateDataCookie in it as well which is not documented any where.