diff --git a/examples/tester.rs b/examples/tester.rs
index 455db27..ec10827 100644
--- a/examples/tester.rs
+++ b/examples/tester.rs
@@ -25,7 +25,11 @@ async fn main() {
         match cmd[0] {
             "echo" => println!("ok\t{}", cmd[1]),
             "auth" => match client.start_auth(&cmd[1]).await {
-                Ok(url) => println!("ok\t{}", url),
+                Ok(mut url) => {
+                    url.query_pairs_mut()
+                        .append_pair("state", cmd.get(2).cloned().unwrap_or_default());
+                    println!("ok\t{}", url);
+                }
                 Err(err) => println!("err\t{}", err),
             },
             "verify" => match client.verify(&cmd[1]).await {
diff --git a/src/lib.rs b/src/lib.rs
index 6fc5f48..4f8be1c 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -255,6 +255,9 @@ impl Client {
     /// If performing the redirect in the HTTP response, the recommended method is to send a 303
     /// HTTP status code with the `Location` header set to the URL. But other solutions are
     /// possible, such as fetching this URL using a request from client-side JavaScript.
+    ///
+    /// The caller may add a `state` query parameter to the returned URL, which is passed verbatim
+    /// to the redirect URI after the user returns.
     pub async fn start_auth(&self, email: &str) -> Result<Url, StartAuthError> {
         let discovery = self
             .store