Please read for an updated status on RailsCasts:
Learn more or hide this
GitHub User: BonusMop
Hopefully an easy question, but I haven't worked out the answer yet.
If someone knows my UID and the callback URL, what is to prevent them from skipping the actual authentication to log in as me? There must be some other piece of information in the request that lets me validate the source?