Hopefully an easy question, but I haven't worked out the answer yet.
If someone knows my UID and the callback URL, what is to prevent them from skipping the actual authentication to log in as me? There must be some other piece of information in the request that lets me validate the source?
Hopefully an easy question, but I haven't worked out the answer yet.
If someone knows my UID and the callback URL, what is to prevent them from skipping the actual authentication to log in as me? There must be some other piece of information in the request that lets me validate the source?