[Security] Support for the :state parameter required with omniauth-oauth2 v1.1

[ZenCocoon]

Hi,

A few days ago, a security update has been made to omniauth-oauth2, this one uses the :state parameter to mitigate CSRF. https://github.com/intridea/omniauth-oauth2/pull/18

However, it seem that devise_oauth2_providable doesn't handle this parameter as expected as it doesn't send it back in the callback.

A similar issue seems to be faced at https://github.com/intridea/omniauth-oauth2/issues/20

[adampope]

+1 to this. Would love to see a fix.

[karlfreeman]

:+1:

[ZenCocoon]

Anyone having time to make a pull request?