CSRF prevention when using redirect method #498

@btakashi

Hi there, thanks for making this library!

I have decided to implement the sign in flow for my application using the redirect method - I'm wondering what the preferred way of setting and verifying CSRF state in this case is, and how it can be done with this library. What I want to do is have it first redirect to a server-side URL that I control (where I can set a CSRF state cookie), and then redirect to the Facebook login flow. It looks like if I do this, then I might not be able to use this library - is there some way that support could be added for this kind of "pre-redirect"?

If you're receptive to the idea, I could suggest something and submit a PR.
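
One way to implement the pre-redirect flow asked about above, as an added Node.js example that is not code from the issue author or from this library. `APP_ID`, `REDIRECT_URI`, the cookie name and the function names are hypothetical, and the unversioned Facebook dialog URL with a `state` parameter is an assumption about how the login redirect is built.

```javascript
const crypto = require('node:crypto');

// Assumed placeholder values, not taken from the issue or the library.
const APP_ID = 'YOUR_APP_ID';
const REDIRECT_URI = 'https://app.example/auth/facebook/callback';
// __Host- prefix: browsers only accept it with Secure, Path=/ and no Domain.
const STATE_COOKIE = '__Host-fb_oauth_state';

// Step 1, the server-side "pre-redirect": mint a random state, bind it to the
// browser with a cookie, and send the same value to the login dialog.
function beginLogin() {
  const state = crypto.randomBytes(32).toString('hex');
  // SameSite=Lax (not Strict) so the cookie is sent on the top-level GET
  // navigation coming back from the identity provider.
  const setCookie = `${STATE_COOKIE}=${state}; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=600`;
  const url = new URL('https://www.facebook.com/dialog/oauth');
  url.searchParams.set('client_id', APP_ID);
  url.searchParams.set('redirect_uri', REDIRECT_URI);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('state', state);
  return { state, setCookie, location: url.toString() };
}

function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Step 2, the callback: accept the response only if the state in the query
// string matches the state cookie of the browser making the request.
// callbackUrl is assumed to be the absolute URL of the incoming request.
function verifyCallback(callbackUrl, cookieHeader) {
  const returned = new URL(callbackUrl).searchParams.get('state');
  const expected = parseCookies(cookieHeader)[STATE_COOKIE];
  if (!returned || !expected) return false;
  const a = Buffer.from(returned);
  const b = Buffer.from(expected);
  // timingSafeEqual throws on unequal lengths, so check length first.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Expire the cookie once the callback has been handled, so a state is single use.
const CLEAR_STATE_COOKIE = `${STATE_COOKIE}=; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=0`;
```

The pre-redirect handler responds with `setCookie` and a 302 to `location`; the callback handler calls `verifyCallback` before exchanging the code and then sends `CLEAR_STATE_COOKIE`.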
