This repository was archived by the owner on Apr 7, 2020. It is now read-only.
Vulnerable to CSRF attack #36
Description
The implementation uses the the redirect_url as state param. The returned state is never checked anyway. state should be a random nonce to prevent CSRF attacks.