From 21f5c3e73a023d399890d91d84f69c4ac0ea284b Mon Sep 17 00:00:00 2001
From: Hsiaoming Yang <me@lepture.com>
Date: Tue, 10 Dec 2013 10:47:49 +0800
Subject: [PATCH] Add param state in authorize method.
 https://github.com/lepture/flask-oauthlib/pull/63

---
 flask_oauthlib/client.py | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/flask_oauthlib/client.py b/flask_oauthlib/client.py
index 69593b96..3aea1c51 100644
--- a/flask_oauthlib/client.py
+++ b/flask_oauthlib/client.py
@@ -442,8 +442,10 @@ def authorize(self, callback=None, state=None):
         Returns a redirect response to the remote authorization URL with
         the signed callback given.
 
-        :param state: an optional value to embed in the OAuth request. Use this
-        if you want to pass around application state (e.g. CSRF tokens).
+        :param callback: a redirect url for the callback
+        :param state: an optional value to embed in the OAuth request.
+                      Use this if you want to pass around application
+                      state (e.g. CSRF tokens).
         """
         if self.request_token_url:
             token = self.generate_request_token(callback)[0]
@@ -466,11 +468,15 @@ def authorize(self, callback=None, state=None):
                 scope = _encode(scope, self.encoding)
 
             if 'state' in params:
-                state = params.pop('state')
-                if callable(state):
-                    state = state()
-            else:
-                state = None
+                if not state:
+                    state = params.pop('state')
+                else:
+                    # remove state in params
+                    params.pop('state')
+
+            if callable(state):
+                # state can be function for generate a random string
+                state = state()
 
             session['%s_oauthredir' % self.name] = callback
             url = client.prepare_request_uri(