diff --git a/app/controllers/authorizations_controller.rb b/app/controllers/authorizations_controller.rb
index 12faaf9bc1d5042540b0412a9932c23148c534cc..7158e29dd2226b25178cc24372dfabe3935624b9 100644
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
@@ -9,6 +9,10 @@ class AuthorizationsController < ApplicationController
   skip_before_filter :verify_authenticity_token, :only => :token
 
   def new
+    if params[:uid] && params[:uid] != current_user.username
+      sign_out current_user
+      redirect_to request.url
+    end
     @requested_scopes = params["scope"].split(',')
     @client = oauth2_authorization_request.client
 
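Review bot: The `redirect_to request.url` in the new sign-out branch is not terminal, so the remainder of `new` (which continues past this hunk) still executes after `sign_out current_user`: anything later that touches `current_user` now sees nil, and a render at the end of the action would raise DoubleRenderError on top of the redirect. Make the branch exit the action, `redirect_to request.url and return`. Separately, the branch is reachable by a plain GET, so any page that links a signed-in user to the authorize URL with `uid=<some other name>` ends their session with no confirmation — a forced-logout vector from unauthenticated content; if that trade-off is intentional, say so above the branch with something like `# A different uid means the OAuth client is asking for another account; end this session so the user re-authenticates as that account.` Finally, `params[:uid] != current_user.username` raises if no filter guarantees a signed-in user here; the filters above the hunk are not visible, so confirm one exists or compare against `current_user.try(:username)`.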
diff --git a/spec/chubbies/app.rb b/spec/chubbies/app.rb
index efc64b0292bc4e9bfa261337626a2887753c723d..0e75311d9ea3de700c95978df7ca21bed8e32880 100644
--- a/spec/chubbies/app.rb
+++ b/spec/chubbies/app.rb
@@ -72,9 +72,6 @@ module Chubbies
       '/account?id=1'
     end
 
-    def account_const
-      User
-    end
     def create_account(hash)
       hash[:username] = hash.delete(:diaspora_id)
       account_const.create(hash)
diff --git a/spec/controllers/authorizations_controller_spec.rb b/spec/controllers/authorizations_controller_spec.rb
index 1458343aa55d02c8bf9e38cab8aaec7e6603ac21..5fedf021132bf83ff9f676abaedeaf74efa6d655 100644
--- a/spec/controllers/authorizations_controller_spec.rb
+++ b/spec/controllers/authorizations_controller_spec.rb
@@ -31,6 +31,34 @@ describe AuthorizationsController do
       }
   end
 
+  describe '#new' do
+    before do
+      @app = Factory.create(:app, :name => "Authorized App")
+      @params = {
+        :scope => "profile",
+        :redirect_uri => @manifest['application_base_url'] << '/callback',
+        :client_id => @app.oauth_identifier,
+        :uid => alice.username
+      }
+    end
+    it 'succeeds' do
+      get :new, @params
+      response.should be_success
+    end
+
+    it 'logs out the signed in user if a different username is passed' do
+      @params[:uid] = bob.username
+      get :new, @params
+      response.location.should include(oauth_authorize_path)
+    end
+
+    it 'it succeeds if no uid is passed' do
+      @params[:uid] = nil
+      get :new, @params
+      response.should be_success
+    end
+  end
+
   describe '#token' do
     before do
       packaged_manifest = {:public_key => @public_key.export, :jwt => JWT.encode(@manifest, @private_key, "RS256")}.to_json
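Review bot: The 'logs out the signed in user if a different username is passed' example only asserts that the response location includes `oauth_authorize_path`; it never checks that the session actually ended, so an implementation that redirected without calling `sign_out` would still pass. Add an assertion on the session after the request, e.g. `controller.current_user.should be_nil` (or whatever helper this suite uses for the signed-in user), and a companion example showing the matching-uid request leaves the user signed in. `@manifest['application_base_url'] << '/callback'` appends to the manifest string in place on every run of this `before`; if `@manifest` is built once in an outer hook rather than per example, the redirect_uri grows to `.../callback/callback` across examples, so `@manifest['application_base_url'] + '/callback'` is the safer form. The third description reads `it 'it succeeds if no uid is passed'`; drop the duplicated word.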