diff --git a/lib/oidcc/plug/authorize.ex b/lib/oidcc/plug/authorize.ex
index d6a99f2..24b6003 100644
--- a/lib/oidcc/plug/authorize.ex
+++ b/lib/oidcc/plug/authorize.ex
@@ -17,11 +17,6 @@ defmodule Oidcc.Plug.Authorize do
 ]
 end
 ```
-
- ## Query Params
-
- * `state` - State to relay to OpenID Provider. Commonly used for target redirect URL after authorization.
 """
 @moduledoc since: "0.1.0"
@@ -103,7 +98,8 @@ defmodule Oidcc.Plug.Authorize do
 redirect_uri = opts |> Keyword.fetch!(:redirect_uri) |> evaluate_config()
 client_profile_opts = Keyword.get(opts, :client_profile_opts, %{profiles: []})
- state = Map.get(params, "state", :undefined)
+ state_authenticity = 31 |> :crypto.strong_rand_bytes() |> Base.url_encode64(padding: false)
+ state = state_authenticity <> Map.get(params, "state", "")
 state_verifier = :erlang.phash2(state)
 nonce = 31 |> :crypto.strong_rand_bytes() |> Base.url_encode64(padding: false)