Implement state parameter, generate random string for verification

lib/strategy.js

@@ -31,12 +31,20 @@ util.inherits(Strategy, OAuth2Strategy);
  */
 Strategy.prototype.authorizationParams = function(options) {
     var params = {};
-    if (options.action) { params['action'] = options.action; }
+
+    if (options.action) {
+      params['action'] = options.action;
+    }
+
     // This is just to get around a temporary bug of Webmaker calling "scope" as "scopes" and therefore rejecting "scope".
     if (options.scope) {
       params['scopes'] = options.scope;
       options.scope = null;
     }
+
+    //TODO: Implement state verification, to prevent CSRF attacks
+    options.state = options.state || Math.random().toString(36).substring(2, 8);
+
     return params;
 };