diff --git a/OAuth2DjangoSampleApp/settings.py b/OAuth2DjangoSampleApp/settings.py
index 98108cf..482f2aa 100755
--- a/OAuth2DjangoSampleApp/settings.py
+++ b/OAuth2DjangoSampleApp/settings.py
@@ -28,7 +28,7 @@
 SESSION_SAVE_EVERY_REQUEST = True
 ALLOWED_HOSTS = [
- 'localhost'
+ '*'
 ]
 # Application definition
@@ -126,8 +126,8 @@
 # OAuth specific variables
 DISCOVERY_DOCUMENT = 'https://developer.api.intuit.com/.well-known/openid_sandbox_configuration/'
-CLIENT_ID = ''
-CLIENT_SECRET = ''
+CLIENT_ID = 'AB3jcUoSVoB6lJR6RL3qzaIMh4yZLbDFwzDQTDSuFKxkmjUe5M'
+CLIENT_SECRET = 'FlUeongklE2UHbpoygIZZvUHQCSji4Iz7HbOzovd'
 REDIRECT_URI = 'http://localhost:8000/sampleappoauth2/authCodeHandler'
 ACCOUNTING_SCOPE = 'com.intuit.quickbooks.accounting'
 OPENID_SCOPES = ['openid', 'profile', 'email', 'phone', 'address']
diff --git a/db.sqlite3 b/db.sqlite3
index 8926076..08962bc 100755
Binary files a/db.sqlite3 and b/db.sqlite3 differ
diff --git a/sampleAppOAuth2/views.py b/sampleAppOAuth2/views.py
index 5859072..7e8aa84 100755
--- a/sampleAppOAuth2/views.py
+++ b/sampleAppOAuth2/views.py
@@ -49,12 +49,17 @@ def getAppNow(request):
 def authCodeHandler(request):
 state = request.GET.get('state', None)
 error = request.GET.get('error', None)
+ print(state)
+ print(get_CSRF_token(request))
 if error == 'access_denied':
 return redirect('sampleAppOAuth2:index')
 if state is None:
 return HttpResponseBadRequest()
- elif state != get_CSRF_token(request): # validate against CSRF attacks
- return HttpResponse('unauthorized', status=401)
+ # elif state != get_CSRF_token(request): # validate against CSRF attacks
+ # print('break')
+ # print(state)
+ # print(get_CSRF_token(request))
+ # return HttpResponse('unauthorized, cory', status=401)
 auth_code = request.GET.get('code', None)
 if auth_code is None:
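Review bot: `ALLOWED_HOSTS = ['*']` switches off Django's Host-header validation for every deployment that uses this settings file, so any Host value is accepted and feeds the absolute URLs Django builds from `request.get_host()` (redirects, links). The old value was too narrow for a non-local deployment, but the fix is to list the hostnames actually served, e.g. `ALLOWED_HOSTS = ['localhost', '127.0.0.1', '<deployment-host>']`, or to read them from the environment so the sample can move between hosts without a wildcard. If the wildcard was only needed for a temporary tunnel during development, it should not live in the committed settings.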
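Review bot: Real `CLIENT_ID` and `CLIENT_SECRET` values replace the empty placeholders in a tracked settings file; once they are in git history they have to be treated as exposed and rotated in the Intuit developer portal, since rewriting history does not reach existing clones or forks. Keep the placeholders empty in the repository and load the values at startup, e.g. `CLIENT_ID = os.environ.get('INTUIT_CLIENT_ID', '')` and `CLIENT_SECRET = os.environ.get('INTUIT_CLIENT_SECRET', '')` (needs `import os` at the top of settings.py, which is outside this hunk), or read them from a gitignored local settings module. A comment above the pair, `# Supplied via environment; never commit real values`, tells the next person who copies this sample what is expected.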
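Review bot: Commenting out the `elif state != get_CSRF_token(request)` branch removes the only check that the `state` returned by the authorization server matches the value this session issued, so the callback now proceeds with an authorization code under any `state` — exactly the login-CSRF protection the removed comment named. The added `print(state)` / `print(get_CSRF_token(request))` calls, and the matching prints inside `get_CSRF_token` in the next hunk, also write the session's CSRF token to stdout, where it ends up in server logs. The debug output suggests the real problem is that the token read back here differs from the one stored when the flow began (presumably the session cookie is not sent or saved across the redirect — check the session and cookie settings rather than dropping the check); restore the two removed lines, `elif state != get_CSRF_token(request):` / `return HttpResponse('unauthorized', status=401)`, and take the prints out before this ships. Note too that calling `get_CSRF_token(request)` ahead of the `state is None` check mints and stores a fresh token whenever the session has none, which itself guarantees a mismatch on a session-less callback. authCodeHandler continues past the end of this hunk.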
@@ -164,7 +169,9 @@ def apiCall(request):
 def get_CSRF_token(request):
 token = request.session.get('csrfToken', None)
+ print(token)
 if token is None:
+ print('we are here')
 token = getSecretKey()
 request.session['csrfToken'] = token
 return token