Google OAuth 2.0 redirect_uri with several parameters

The state parameter is used to prevent CSRF attacks during the OAuth flow. You have to set a token in the state parameter when initiating the flow and you should check if you get back the same token in the state parameter when your redirect_uri is hit. Don’t do what is done in this answer. A session based solution is probably what you should look at.

https://stackoverflow.com/questions/7722062/google-oauth-2-0-redirect-uri-with-several-parameters