What is the purpose of the 'state' parameter in OAuth authorization request

Backend · unresolved · 1 · 1233
无人及你 2020-12-30 01:03

In OAuth, the initial authorization request has a state parameter. Apparently it's there for security reasons, but I don't really understand against what it p

1 answer
  • 2020-12-30 01:38

    The state parameter is used to protect against XSRF. Your application generates a random string and sends it to the authorization server using the state parameter. The authorization server sends back the state parameter. If both states are the same => OK. If the state parameters are different, someone else has initiated the request.

    The example from Google is maybe clearer: https://developers.google.com/accounts/docs/OAuth2Login?hl=fr#createxsrftoken

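The round trip the answer describes, as an added example that is not part of the original post: the client generates an unguessable state, binds it to the user's server-side session, sends it in the authorization request, and on callback checks that the echoed value matches before accepting the code. The endpoint, client id and redirect URI are constructed placeholders.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical client settings, constructed for this example.
AUTHORIZE_ENDPOINT = "https://auth.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"


def begin_authorization(session: dict) -> str:
    """Generate a fresh state, bind it to this user's session, and build
    the authorization request URL that carries it."""
    state = secrets.token_urlsafe(32)      # 256 bits from the CSPRNG
    session["oauth_state"] = state         # stored server-side, never in the URL alone
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> Optional[str]:
    """Validate the state echoed back by the authorization server.
    Returns the authorization code on success, or None when the callback
    was not initiated by this session (the XSRF case the answer describes)."""
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [None])[0]
    code = query.get("code", [None])[0]
    # Pop so the state is single-use: a replayed callback cannot pass twice.
    expected_state = session.pop("oauth_state", None)
    if not expected_state or not returned_state or code is None:
        return None
    # Constant-time comparison, so the check does not leak the expected value.
    if not hmac.compare_digest(expected_state, returned_state):
        return None
    return code
```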