BonusMop's Profile

GitHub User: BonusMop

Comments by

Hopefully an easy question, but I haven't worked out the answer yet.

If someone knows my UID and the callback URL, what is to prevent them from skipping the actual authentication to log in as me? There must be some other piece of information in the request that lets me validate the source?