GitHub - benmanns/token-bandit: A proof-of-concept app demonstrating a (patched) CSRF attack on Heroku's SSO for add-on providers.

`kensa create my_addon --template sinatra`

this repository is a sinatra template application for use with the Heroku kensa gem

clone it via:

> gem install kensa
> kensa create my_addon --template sinatra
> cd my_addon
> bundle install
> foreman start

In a new window:

> cd my_addon
> kensa test provision
> kensa sso 1

And you should be in a Heroku Single Sign On session for your brand new addon!