Please make State parameter configurable

Subject: Please make State parameter configurable
Summary: To use own encode/decode algorithm instead of php sessions
Messages: 3
Author: Sebas
Date: 2017-08-28 15:47:05
 

  1. Please make State parameter configurable
Sebas - 2017-08-28 15:47:05
Hello,

Please consider making the State parameter configurable. The current logic of the class is great indeed and I believe it should stay as it is going forward, but with a little more flexibility, using an IF condition for the state parameter. For example, to use one's own encode/decode algorithm instead of the PHP session. It would therefore be really good to use a state value with just my own parameters (where I can wrap the timestamp as well, for checking it later to prevent repetition attacks).

It would be really good to add an empty state option to your class, $client->state = '' (similar to $client->scope = ''): if $client->state = '' (empty), the class will use the built-in random session value ($_SESSION['OAUTH_STATE']); otherwise it will use the defined value.

Thanks

  2. Re: Please make State parameter configurable
GrahamPHPClasses - 2017-10-30 01:22:04 - In reply to message 1 from Sebas
Hi, I totally agree.

We don't use PHP built-in sessions, so I'd really appreciate it if state could be generated elsewhere and then used as a key in our own DB table.

Thanks

  3. Re: Please make State parameter configurable
Olivier Zuccaro - 2018-03-14 09:39:41 - In reply to message 2 from GrahamPHPClasses
Since I had the same issue with Facebook soon enforcing "strict" authorization (or being mandatory if you want to access Instagram data):

You can override state using the session variable:
$_SESSION['OAUTH_STATE'] = "{mystate=myvalue}";

It is working with Facebook Auth; I did not try it with anything else.
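
An added example, not part of the thread or of the PHP OAuth Library's code: one way to build the self-contained state value asked for in message 1, signed with HMAC and carrying a timestamp, so the callback can check it without PHP sessions. The names make_state, check_state, $secret and $binding are hypothetical, and how the value is handed to the library is outside the example.

```php
<?php
// Added example: make_state()/check_state(), $secret and $binding are
// hypothetical names, not part of the PHP OAuth Library.

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// $binding: a per-browser value the application already holds, e.g. a random
// cookie value or the key of a row in its own DB table (assumption). Without
// it, a state minted in one browser would also verify in another browser.
function make_state(string $secret, string $binding, ?int $now = null): string {
    $payload = b64url(random_bytes(16)) . '.' . ($now ?? time());
    $mac = hash_hmac('sha256', $payload . '|' . $binding, $secret, true);
    return $payload . '.' . b64url($mac);
}

function check_state(string $state, string $secret, string $binding,
                     int $maxAge = 600, ?int $now = null): bool {
    $parts = explode('.', $state);
    if (count($parts) !== 3) {
        return false;                        // malformed value
    }
    [$nonce, $ts, $mac] = $parts;
    if (!ctype_digit($ts)) {
        return false;                        // timestamp must be all digits
    }
    $expected = b64url(hash_hmac('sha256', "$nonce.$ts|$binding", $secret, true));
    if (!hash_equals($expected, $mac)) {     // constant-time comparison
        return false;                        // forged, altered, or wrong browser
    }
    $age = ($now ?? time()) - (int)$ts;
    return $age >= 0 && $age <= $maxAge;     // reject stale or future-dated state
}

// Constructed sample values; a real key is a long random secret from config.
$secret  = 'constructed-demo-secret';
$binding = 'constructed-cookie-value';
$state   = make_state($secret, $binding, 1700000000);

var_dump(check_state($state, $secret, $binding, 600, 1700000300));        // same browser, 5 min later
var_dump(check_state($state, $secret, 'other-browser', 600, 1700000300)); // different binding
var_dump(check_state($state, $secret, $binding, 600, 1700000901));        // older than $maxAge
var_dump(check_state($state . 'x', $secret, $binding, 600, 1700000300));  // altered MAC
```

The timestamp only bounds how long a state stays valid; making it single-use additionally requires recording the nonce (for example in the application's own DB table) and rejecting a second appearance.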