GitHub User: makaroni4
Very useful, thanks, Ryan!!!
Real life example of similar auth you can find at http://gistflow.com (open source).
Famous Egor Homyakov hacked us using bug described here:
The thing is that if you store auth_token in cookies csrf protection will not work.
Good luck everyone with safe auth :)