CSRF With Google Client PHP Authentication Flow

     

I am integrating Google Sign in with Open ID. The documentation says that I need to create an anti-forgery state token. I have read several references about CSRF (Sitepoint StackOverflow Shiflett) and a couple more. I can't finish understanding how I am supposed to implement this solution.


I am pretty sure that I haven't understood properly the concept but I am trying hard. This is the process that I have coded so far:


//INCLUDE PHP CLIENT LIBRARY  require_once 'vendor/autoload.php';
$scopes = array('email'