oauth-provider

OAuth2.0 Server stack how to use state to prevent CSRF? for draft2.0 v20

馋奶兔 submitted on 2019-11-27 11:59:23
Question

I am using a PHP library for OAuth2.0 v20. In draft20, there is a mention of the use of state to prevent CSRF. So far, my own web app that implements this PHP library allows the following:

- 3 legged authentication using Authorization Code Request
- 2 legged authentication using Resource Owner Credentials Grant
- a Request that refreshes an access token

Do I need to use state for all of the 3 situations above? If so, what is a good example of "state"? What makes a good "state"? Any ideal length? Any