Sign in through GitHub

Please read for an updated status on RailsCasts:

Learn more or hide this

BonusMop's Profile

GitHub User: BonusMop

Comments by

Avatar

Hopefully an easy question, but I haven't worked out the answer yet.

If someone knows my UID and the callback URL, what is to prevent them from skipping the actual authentication to log in as me? There must be some other piece of information in the request that lets me validate the source?