diff --git a/tests/test_sso.py b/tests/test_sso.py
index 2a19131f..94ad6590 100644
--- a/tests/test_sso.py
+++ b/tests/test_sso.py
@@ -15,9 +15,7 @@ def setup(self, set_api_key_and_project_id):
         self.provider = ConnectionType.GoogleOAuth
         self.customer_domain = "workos.com"
         self.redirect_uri = "https://localhost/auth/callback"
-        self.state = {
-            "things": "with_stuff",
-        }
+        self.state = json.dumps({"things": "with_stuff",})
 
         self.sso = SSO()
 
@@ -84,7 +82,7 @@ def test_authorization_url_has_expected_query_params_with_provider(self):
             "client_id": workos.project_id,
             "redirect_uri": self.redirect_uri,
             "response_type": RESPONSE_TYPE_CODE,
-            "state": json.dumps(self.state),
+            "state": self.state,
         }
 
     def test_authorization_url_has_expected_query_params_with_domain(self):
@@ -101,7 +99,7 @@ def test_authorization_url_has_expected_query_params_with_domain(self):
             "client_id": workos.project_id,
             "redirect_uri": self.redirect_uri,
             "response_type": RESPONSE_TYPE_CODE,
-            "state": json.dumps(self.state),
+            "state": self.state,
         }
 
     def test_authorization_url_has_expected_query_params_with_domain_and_provider(self):
@@ -120,7 +118,7 @@ def test_authorization_url_has_expected_query_params_with_domain_and_provider(se
             "client_id": workos.project_id,
             "redirect_uri": self.redirect_uri,
             "response_type": RESPONSE_TYPE_CODE,
-            "state": json.dumps(self.state),
+            "state": self.state,
         }
 
     def test_get_profile_returns_expected_workosprofile_object(
diff --git a/workos/sso.py b/workos/sso.py
index 9beaa21b..f90fe8c0 100644
--- a/workos/sso.py
+++ b/workos/sso.py
@@ -42,7 +42,7 @@ def get_authorization_url(
         Kwargs:
             domain (str) - The domain a user is associated with, as configured on WorkOS
             redirect_uri (str) - A valid redirect URI, as specified on WorkOS
-            state (dict) - A dict passed to WorkOS, that'd be preserved through the authentication workflow, passed
+            state (str) - An encoded string passed to WorkOS that'd be preserved through the authentication workflow, passed
             back as a query parameter
             provider (ConnectionType) - Authentication service provider descriptor
 
@@ -67,7 +67,7 @@ def get_authorization_url(
             params["domain"] = domain
 
         if state is not None:
-            params["state"] = json.dumps(state)
+            params["state"] = state
 
         prepared_request = Request(
             "GET",