DotNetOpenAuth.WebServerClient.XSRF-Session changes during callback

I'm trying to set up a simple OAuth2 login authentication. However, I'm stuck at the callback that throws the following exception:

   [ProtocolException: Unexpected OAuth authorization response received with callback and client state that does not match an expected value.]
   DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String unformattedMessage, Object[] args) +426
   DotNetOpenAuth.OAuth2.WebServerClient.ProcessUserAuthorization(HttpRequestBase request) +771

The exact same problem is discussed over here

In my case the SessionID remains the same, but the DotNetOpenAuth.WebServerClient.XSRF-Session cookie changes its value at the callback.

Implementation:

    public void Authorize(HttpRequest request)
    {
        // Use the current request URL as the OAuth2 callback (redirect) URI.
        string callbackString = request.Url.AbsoluteUri;
        Uri callbackUri = new Uri(callbackString);

        // Returns null unless this request carries an authorization response.
        IAuthorizationState authorization = nimbleClient.ProcessUserAuthorization();

        if (authorization == null)
        {
            // Kick off authorization request
            nimbleClient.RequestUserAuthorization(returnTo: callbackUri);
        }
        else
        {
            // Get AccessToken
            string accessToken = Uri.EscapeDataString(authorization.AccessToken);
        }
    }

Zipporah answered 22/2, 2013 at 11:46 Comment(0)

Have you declared your cookie as constant, like below:

    private const string XsrfCookieName = "DotNetOpenAuth.WebServerClient.XSRF-Session";

This would help to maintain the value even at callback.

Blooded answered 8/1, 2015 at 6:43 Comment(0)
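
The exception in the question reports a callback whose client state does not match an expected value. The following added example (not code from either post and not DotNetOpenAuth source) is a simplified model of a state/cookie XSRF check that shows how a changed cookie value makes an otherwise valid callback fail. It assumes the client compares the `state` value echoed by the authorization server with the XSRF cookie; `XsrfStateModel`, `BeginAuthorization` and `ValidateCallback` are hypothetical names, and the cookie jar is a plain dictionary.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Simplified model (assumption): the client stores a random value in the
// XSRF cookie and sends the same value as the OAuth2 "state" parameter.
static class XsrfStateModel
{
    const string CookieName = "DotNetOpenAuth.WebServerClient.XSRF-Session";

    // Start of an authorization request: a fresh random value is written to
    // the cookie jar and returned as the "state" sent to the server.
    public static string BeginAuthorization(IDictionary<string, string> cookieJar)
    {
        byte[] raw = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(raw);
        }
        string state = Convert.ToBase64String(raw);
        cookieJar[CookieName] = state; // overwrites any value still in flight
        return state;
    }

    // Callback: accept only if the echoed state equals the current cookie.
    public static bool ValidateCallback(IDictionary<string, string> cookieJar, string echoedState)
    {
        return cookieJar.TryGetValue(CookieName, out string cookie)
            && string.Equals(cookie, echoedState, StringComparison.Ordinal);
    }

    static void Main()
    {
        var jar = new Dictionary<string, string>();

        // One request followed by its own callback: values agree.
        string first = BeginAuthorization(jar);
        Console.WriteLine("single request:  " + ValidateCallback(jar, first));

        // A second request starts before the first callback is processed:
        // the cookie now holds the second value, so the first callback fails.
        string second = BeginAuthorization(jar);
        Console.WriteLine("stale callback:  " + ValidateCallback(jar, first));
        Console.WriteLine("latest callback: " + ValidateCallback(jar, second));

        // Cookie not sent on the callback at all (constructed case).
        var empty = new Dictionary<string, string>();
        Console.WriteLine("missing cookie:  " + ValidateCallback(empty, second));
    }
}
```

When debugging a mismatch like this, logging the `state` query parameter on the callback next to the cookie value the browser sends shows which of the two changed.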
