Facebook authentication documentation (Last section in http://developers.facebook.com/docs/authentication/) indicates that a state parameter should be passed through and validated during the OAuth2 dance as a security precaution.
I don't see that the ProviderSignInController accomplishes this. Is this ability built into spring social? If yes, how do I configure it to send and confirm the state parameter. If not, how do I minimally accomplish it (and will a future release provide this functionality)?
Thanks in advance for the replies.