About arbitrary data

Question

What is arbitrary data ? I found it here https://www.dropbox.com/developers/core/docs#oa2-authorize

 state Up to 200 bytes of arbitrary data that will be passed back to your redirect 
 URI. This parameter should be used to protect against cross-site request forgery 
(CSRF). See Sections 4.4.1.8 and 4.4.2.5 of the OAuth 2.0 threat model spec.

So what types of value I send for state ? I am using nodejs .

Answer 1

"Arbitrary data" means anything. A string, a number, binary data, whatever.

Since it's to be used as a CSRF token, it needs to be an unpredictable value that's associated with the user's session. Here are some guidelines on CSRF tokens.