diff --git a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
index d5e22f4..b5942c1 100644
--- a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
+++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
@@ -69,9 +69,11 @@ public class AuthChecker {
 
     /**
      * 校验回调传回的state
+     *
+     * @param state {@code state}一定不为空
      */
     public static void checkState(String state) {
-        if (!AuthStateCache.containsKey(state)) {
+        if (StringUtils.isEmpty(state) || !AuthStateCache.containsKey(state)) {
             throw new AuthException(AuthResponseStatus.ILLEGAL_REQUEST);
         }
     }