OAuth2.0 Server stack how to use state to prevent CSRF? for draft2.0 v20

刺人心 2020-12-13 21:45

I am using a PHP library for OAuth2.0 v20

In draft20, there is a mention of the use of state to prevent CSRF

So far, my own web app that implements this PHP li

3 Answers
  •  暗喜 (original poster)
    2020-12-13 22:15

    As the "state" is just a random string, making something like this should do the trick:

    // uniqid() and rand() are predictable; take the value from the CSPRNG instead (PHP 7+)
    $state = bin2hex(random_bytes(16));

    Just remember to save it in your session so you can check it later on.
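
The round trip the answer describes (generate the state, save it in the session, check it on the callback), as an added example that is not part of the original answer or of the PHP library in question. The function names, the `oauth2_state` session key, the URLs and the client id are assumptions; a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example: function names, session key, URLs and client id are placeholders.

/** Create a fresh state value, bind it to the session, and build the authorization URL. */
function begin_authorization(array &$session, string $authorizeUrl, string $clientId, string $redirectUri): string
{
    $state = bin2hex(random_bytes(16));      // 128 bits from the OS CSPRNG (PHP 7+)
    $session['oauth2_state'] = $state;       // remembered so the callback can be checked

    return $authorizeUrl . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'state'         => $state,
    ]);
}

/** Return true only if the callback's state matches the one stored for this session. */
function verify_callback_state(array &$session, array $query): bool
{
    $expected = $session['oauth2_state'] ?? null;
    unset($session['oauth2_state']);         // single use: a replayed callback fails

    $received = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($received)) {
        return false;                        // no stored state, missing state, or state[]=... array
    }
    return hash_equals($expected, $received); // constant-time comparison
}

// Constructed demo: $session stands in for $_SESSION, the query arrays for $_GET.
$authorize = 'https://auth.example/authorize';
$callback  = 'https://app.example/callback';

$session = [];
$url = begin_authorization($session, $authorize, 'demo-client', $callback);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);

$legit = ['code' => 'constructed-code', 'state' => $sent['state']];
var_dump(verify_callback_state($session, $legit));   // callback carrying the stored state
var_dump(verify_callback_state($session, $legit));   // the same callback delivered again

$session = [];
begin_authorization($session, $authorize, 'demo-client', $callback);
var_dump(verify_callback_state($session, ['code' => 'constructed-code-2']));  // callback with no state
```

In a web request, pass `$_SESSION` and `$_GET` after `session_start()`, and refuse to exchange the authorization code whenever the check returns false.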
