oauth2: minor clarification to function comment

Change-Id: I547bad73aae9130aac7dfa66a391661ed630c513
Reviewed-on: https://go-review.googlesource.com/88157
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/oauth2.go b/oauth2.go
index 7234e00..a047a5f 100644
--- a/oauth2.go
+++ b/oauth2.go
@@ -117,7 +117,7 @@
 // that asks for permissions for the required scopes explicitly.
 // State is a token to protect the user from CSRF attacks. You must
-// always provide a non-zero string and validate that it matches the
+// always provide a non-empty string and validate that it matches the
 // the state query parameter on your redirect callback.
 // See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.