diff --git a/lib/omniauth/strategies/oauth2.rb b/lib/omniauth/strategies/oauth2.rb
index 3ffff1b..0d878c4 100644
--- a/lib/omniauth/strategies/oauth2.rb
+++ b/lib/omniauth/strategies/oauth2.rb
@@ -29,6 +29,7 @@ def self.inherited(subclass)
 option :token_options, []
 option :auth_token_params, {}
 option :provider_ignores_state, false
+ option :state_length, 48
 attr_accessor :access_token
@@ -49,7 +50,8 @@ def request_phase
 end
 def authorize_params
- options.authorize_params[:state] = SecureRandom.hex(24)
+ state_length = options[:state_length]
+ options.authorize_params[:state] = SecureRandom.hex(state_length / 2 + 1)[0...state_length]
 params = options.authorize_params.merge(options_for("authorize"))
 if OmniAuth.config.test_mode
 @env ||= {}
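Review bot: In `authorize_params` (second hunk), `options[:state_length]` is used without validation, so a configuration mistake directly weakens the CSRF `state` value: each hex character carries 4 bits, so a setting of 8 yields a 32-bit token, 0 yields an empty string, and `nil` or a String raises on `/`. Reject bad values before generating the token, for example `raise ArgumentError, "state_length must be an Integer >= 32" unless state_length.is_a?(Integer) && state_length >= 32` (32 hex characters is 128 bits; the exact floor is the project's call). The default of 48 keeps the previous 192-bit state, which is worth recording next to the declaration in the first hunk: `# Length in hex characters of the state parameter (4 bits each); 48 = 192 bits`. Minor: `(state_length + 1) / 2` bytes is enough for the slice and avoids drawing an extra byte for even lengths. The body of `authorize_params` continues past the end of the hunk.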