diff --git a/apps/remoteStorage/appinfo/webfinger.php b/apps/remoteStorage/appinfo/webfinger.php
index 9173ed54c9e5a4a21426b5f105c97a2d46270829..1cb2d45ee7ac60bef50778f5c47081a456f8693a 100644
--- a/apps/remoteStorage/appinfo/webfinger.php
+++ b/apps/remoteStorage/appinfo/webfinger.php
@@ -3,6 +3,6 @@
         rel="remoteStorage"
         template="<?php echo WF_BASEURL; ?>/apps/remoteStorage/WebDAV.php/<?php echo WF_USER; ?>/remoteStorage/{category}/"
         api="WebDAV"
-        auth="<?php echo WF_BASEURL; ?>/?app=remoteStorage&getfile=auth.php/<?php echo WF_USER; ?>">
+        auth="<?php echo WF_BASEURL; ?>/?app=remoteStorage&getfile=auth.php&userid=<?php echo WF_USER; ?>">
     </Link>
 <?php } ?>
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index 502bfc0b33bacab451b374ad65939489d519140f..2fd5011d9f465a2f56ec03d1d39681a7b280de27 100755
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -29,19 +29,8 @@
 // Do not load FS ...
 $RUNTIME_NOSETUPFS = true;
 
-require_once('../../lib/base.php');
-
-require_once('../../lib/user.php');
-require_once('../../lib/public/user.php');
-
-require_once('../../lib/app.php');
-require_once('../../lib/public/app.php');
-
-require_once('../../3rdparty/Sabre/DAV/Auth/IBackend.php');
-require_once('../../3rdparty/Sabre/DAV/Auth/Backend/AbstractBasic.php');
-require_once('../../lib/connector/sabre/auth.php');
-
 OCP\App::checkAppEnabled('remoteStorage');
+require_once('Sabre/autoload.php');
 require_once('lib_remoteStorage.php');
 require_once('oauth_ro_auth.php');
 
@@ -49,32 +38,27 @@ ini_set('default_charset', 'UTF-8');
 #ini_set('error_reporting', '');
 @ob_clean();
 
-$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
-$pathParts =	explode('/', $path);
-
-if(count($pathParts) == 2 && $pathParts[0] == '') {
-	//TODO: input checking. these explodes may fail to produces the desired arrays:
-	$subPathParts = explode('?', $pathParts[1]);
-	$ownCloudUser = $subPathParts[0];
-	foreach($_GET as $k => $v) {
-		if($k=='user_address'){
-			$userAddress=$v;
-		} else if($k=='redirect_uri'){
-			$appUrlParts=explode('/', $v);
-		$appUrl = $appUrlParts[2];//bit dodgy i guess
-		} else if($k=='scope'){
-			$categories=$v;
-		}
-	}
-	$currUser = OCP\USER::getUser();
-	if($currUser == $ownCloudUser) {
-		if(isset($_POST['allow'])) {
-			//TODO: check if this can be faked by editing the cookie in firebug!
-			$token=OC_remoteStorage::createCategories($appUrl, $categories);
-			header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
-		} else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
-			header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
-		} else {
+foreach($_GET as $k => $v) {
+  if($k=='userid'){
+    $userId=$v;
+  } else if($k=='redirect_uri'){
+    $appUrlParts=explode('/', $v);
+    $appUrl = $appUrlParts[2];//bit dodgy i guess
+  } else if($k=='scope'){
+    $categories=$v;
+  }
+}
+$currUser = OCP\USER::getUser();
+if($userId && $appUrl && $categories) {
+  if($currUser == $userId) {
+    if(isset($_POST['allow'])) {
+      //TODO: check if this can be faked by editing the cookie in firebug!
+      $token=OC_remoteStorage::createCategories($appUrl, $categories);
+      header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
+    } else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
+      header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
+    } else {
+      //params ok, logged in ok, but need to click Allow still:
 ?>
 <!DOCTYPE html>
 <html>
@@ -125,22 +109,14 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
 	</body>
 </html>
 <?php
-		}
-	} else {
-		if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
-			$url = "https://";
-		} else {
-			$url = "http://";
-		}
-		$url .= $_SERVER['SERVER_NAME'];
-		$url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
+		}//end 'need to click Allow still'
+	} else {//login not ok
 		if($currUser) {
-			die('You are logged in as '.$currUser.' instead of '.$ownCloudUser);
+			die('You are logged in as '.$currUser.' instead of '.$userId);
 		} else {
 			header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
 		}
 	}
-} else {
-	//die('please use auth.php/username?params. '.var_export($pathParts, true));
-	die('please use auth.php/username?params.');
+} else {//params not ok
+	die('please use e.g. /?app=remoteStorage&getfile=auth.php&userid=admin');
 }