I have been using DotNetOpenAuth v3.5.0.10357 for about a year now and finally decided

Question

0

Asked: June 6, 20262026-06-06T18:21:46+00:00 2026-06-06T18:21:46+00:00

I have been using DotNetOpenAuth v3.5.0.10357 for about a year now and finally decided

0

I have been using DotNetOpenAuth v3.5.0.10357 for about a year now and finally decided to upgrade to v4.0.1.12097. In doing so, I noticed the RequestUserAuthorization method no longer accepts a state parameter.

//v3.5.0.10357
WebServerClient:RequestUserAuthorization(IEnumerable<string> scope = null, string state = null, Uri returnTo = null);

//v4.0.1.12097
WebServerClient:RequestUserAuthorization(IEnumerable<string> scope = null, Uri returnTo = null);

Facebook documentation, mentions this helps guard against Cross-site Request Forgery. What was the reasoning for the removal?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-06T18:21:47+00:00

Editorial Team

2026-06-06T18:21:47+00:00Added an answer on June 6, 2026 at 6:21 pm

Well, after a bit more digging I found out why it was removed. DotNetOpenAuth does state checking internally (EndUserAuthorizationRequest.ClientState), leaving one less thing for us to worry about. Nicely done!

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have been using DotNetOpenAuth v3.5.0.10357 for about a year now and finally decided

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply