diff --git a/Yesod/Auth/OAuth2.hs b/Yesod/Auth/OAuth2.hs
--- a/Yesod/Auth/OAuth2.hs
+++ b/Yesod/Auth/OAuth2.hs
@@ -24,6 +24,7 @@
 
 import Control.Exception.Lifted
 import Control.Monad.IO.Class
+import Control.Monad (unless)
 import Data.ByteString (ByteString)
 import Data.Monoid ((<>))
 import Data.Text (Text, pack)
@@ -35,7 +36,6 @@
 import System.Random
 import Yesod.Auth
 import Yesod.Core
-import Yesod.Form
 
 import qualified Data.ByteString.Lazy as BL
 import qualified Data.ByteString.Char8 as C8
@@ -98,22 +98,23 @@
         lift $ redirect authUrl
 
     dispatch "GET" ["callback"] = do
-        newToken <- lookupGetParam "state"
+        csrfToken <- requireGetParam "state"
         oldToken <- lookupSession tokenSessionKey
         deleteSession tokenSessionKey
-        case newToken of
-            Just csrfToken | newToken == oldToken -> do
-                code <- lift $ runInputGet $ ireq textField "code"
-                oauth' <- withCallback csrfToken
-                master <- lift getYesod
-                result <- liftIO $ fetchAccessToken (authHttpManager master) oauth' (encodeUtf8 code)
-                case result of
-                    Left _ -> permissionDenied "Unable to retreive OAuth2 token"
-                    Right token -> do
-                        creds <- liftIO $ getCreds (authHttpManager master) token
-                        lift $ setCredsRedirect creds
-            _ ->
-                permissionDenied "Invalid OAuth2 state token"
+        unless (oldToken == Just csrfToken) $ permissionDenied "Invalid OAuth2 state token"
+        code <- requireGetParam "code"
+        oauth' <- withCallback csrfToken
+        master <- lift getYesod
+        result <- liftIO $ fetchAccessToken (authHttpManager master) oauth' (encodeUtf8 code)
+        case result of
+            Left _ -> permissionDenied "Unable to retreive OAuth2 token"
+            Right token -> do
+                creds <- liftIO $ getCreds (authHttpManager master) token
+                lift $ setCredsRedirect creds
+          where
+              requireGetParam key = do
+                  m <- lookupGetParam key
+                  maybe (permissionDenied $ "'" <> key <> "' parameter not provided") return m
 
     dispatch _ _ = notFound
 
diff --git a/Yesod/Auth/OAuth2/Github.hs b/Yesod/Auth/OAuth2/Github.hs
--- a/Yesod/Auth/OAuth2/Github.hs
+++ b/Yesod/Auth/OAuth2/Github.hs
@@ -35,6 +35,7 @@
     , githubUserName :: Maybe Text
     , githubUserLogin :: Text
     , githubUserAvatarUrl :: Text
+    , githubUserLocation :: Text
     }
 
 instance FromJSON GithubUser where
@@ -43,6 +44,7 @@
         <*> o .:? "name"
         <*> o .: "login"
         <*> o .: "avatar_url"
+        <*> o .: "location"
 
     parseJSON _ = mzero
 
@@ -96,6 +98,7 @@
         [ ("email", githubUserEmail $ head userMail)
         , ("login", githubUserLogin user)
         , ("avatar_url", githubUserAvatarUrl user)
+        , ("location", githubUserLocation user)
         , ("access_token", decodeUtf8 $ accessToken token)
         ] ++ maybeName (githubUserName user)
     }
diff --git a/test/Spec.hs b/test/Spec.hs
new file mode 100644
--- /dev/null
+++ b/test/Spec.hs
@@ -0,0 +1,1 @@
+{-# OPTIONS_GHC -F -pgmF hspec-discover #-}
diff --git a/yesod-auth-oauth2.cabal b/yesod-auth-oauth2.cabal
--- a/yesod-auth-oauth2.cabal
+++ b/yesod-auth-oauth2.cabal
@@ -1,5 +1,5 @@
 name:            yesod-auth-oauth2
-version:         0.1.5
+version:         0.1.6
 license:         BSD3
 license-file:    LICENSE
 author:          Tom Streller
@@ -8,7 +8,7 @@
 description:     Library to authenticate with OAuth 2.0 for Yesod web applications.
 category:        Web
 stability:       Experimental
-cabal-version:   >= 1.6
+cabal-version:   >= 1.8
 build-type:      Simple
 homepage:        http://github.com/thoughtbot/yesod-auth-oauth2
 
@@ -26,8 +26,8 @@
                    , bytestring              >= 0.9.1.4
                    , http-client             >= 0.4.0     && < 0.5
                    , http-conduit            >= 2.0       && < 3.0
-                   , http-types              >= 0.8       && < 0.9
-                   , aeson                   >= 0.6       && < 0.10
+                   , http-types              >= 0.8       && < 0.10
+                   , aeson                   >= 0.6       && < 0.11
                    , yesod-core              >= 1.2       && < 1.5
                    , authenticate            >= 1.3.2.7   && < 1.4
                    , random
@@ -35,7 +35,7 @@
                    , text                    >= 0.7       && < 2.0
                    , yesod-form              >= 1.3       && < 1.5
                    , transformers            >= 0.2.2     && < 0.5
-                   , hoauth2                 >= 0.4.7     && < 0.5
+                   , hoauth2                 >= 0.4.7     && < 0.6
                    , lifted-base             >= 0.2       && < 0.4
                    , vector                  >= 0.10      && < 0.12
 
@@ -50,6 +50,15 @@
 
     ghc-options:     -Wall
 
+test-suite test
+  type:              exitcode-stdio-1.0
+  main-is:           Spec.hs
+  hs-source-dirs:    test
+  ghc-options:       -Wall
+  build-depends:   base
+                 , yesod-auth-oauth2
+                 , hspec
+
 source-repository head
   type:     git
-  location: https://github.com/thoughtbot/authenticate-oauth2.git
+  location: https://github.com/thoughtbot/yesod-auth-oauth2.git
