IdentityServer4: combo of response_mode=form_post and state protection not working

I am using latest 3.14.0 release and have trouble setting up following provider:

Providers.IdentityServer4({
      id: 'identity-server4',
      name: 'IdentityServer4',
      scope: 'openid profile email offline_access',
      domain: XXX,
      clientId: XXX,
      clientSecret: XXX,
      authorizationParams: {
        prompt: 'login',
        response_mode: 'form_post'
      }
    })

When setting response_mode to 'form_post' (which enforces the IdP to send the data back via POST instead of GET https://identityserver4.readthedocs.io/en/latest/endpoints/authorize.html) I run into several issues. GET method works fine, but pen-test team insists to use POST.

First is the fact, that state-handler accepts only state passed in query https://github.com/nextauthjs/next-auth/blob/main/src/server/lib/oauth/state-handler.js#L19

Whenever I change it to:

const state = req.query.state || req.body.state;

I am able to get a step further, to next issue. It appears that the existing and expected state calculation is somehow wrong:

[next-auth][debug][oauth_callback_protection] Comparing received and expected state {
  state: 'c064b8b9ff3df38f8b3a8ce260cc5e9fc1c7dfcfe855c19da38863e207b63a55',
  expectedState: '226418f7beb8a5a755f6fb0b42dfad47c75b84130b6bbeec0d3474af6c03f5f0'
}

Does anyone have a similar setup and experience similar issues?