diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index cc84e99..eb9096d 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -14,4 +14,5 @@ en:
 oauth2_send_auth_header: "Send the token as an HTTP Authorization header"
 oauth2_debug_auth: "Include rich debugging information in your logs"
 oauth2_authorize_options: "When authorizing request these options"
+ oauth2_ignore_state: "Don't validate the state parameter. This will be removed shortly!"
diff --git a/config/settings.yml b/config/settings.yml
index 1a73d22..644caaf 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -14,6 +14,7 @@ login:
 oauth2_email_verified: false
 oauth2_send_auth_header: true
 oauth2_debug_auth: false
+ oauth2_ignore_state: true
 oauth2_authorize_options:
 default: 'scope'
 type: list
diff --git a/plugin.rb b/plugin.rb
index 22c6e22..9166d5f 100644
--- a/plugin.rb
+++ b/plugin.rb
@@ -29,7 +29,7 @@ class OAuth2BasicAuthenticator < ::Auth::OAuth2Authenticator
 opts = env['omniauth.strategy'].options
 opts[:client_id] = SiteSetting.oauth2_client_id
 opts[:client_secret] = SiteSetting.oauth2_client_secret
- opts[:provider_ignores_state] = true
+ opts[:provider_ignores_state] = SiteSetting.oauth2_ignore_state
 opts[:client_options] = {
 authorize_url: SiteSetting.oauth2_authorize_url,
 token_url: SiteSetting.oauth2_token_url
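Review bot: In the plugin.rb hunk, `opts[:provider_ignores_state] = SiteSetting.oauth2_ignore_state` is only as safe as the default the settings.yml hunk gives it, and that default is `oauth2_ignore_state: true`, so every existing and new install keeps OAuth2 `state` validation switched off until an administrator changes the setting. The `state` value is what binds the provider's callback to the session that started the login, so the safer shape is `oauth2_ignore_state: false` with the opt-out reserved for providers that do not echo `state` back; if the current default is kept for compatibility, that reasoning belongs in a comment above the setting, e.g. `# true disables OAuth2 state validation on the callback; kept for providers that do not return state — see locale text, slated for removal`. The locale string promises the setting "will be removed shortly", so the commit description could state the end state (validation enforced) so operators can test their provider against it in advance. The method containing the plugin.rb change starts and ends outside the hunk.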