undefined | Better HN

0 pointssebazzz1y ago0 comments

So basically the server signs the token and afterwards the server can verify its own signature for every request with that token?

0 comments

faeranne1y ago

looking at it from a high level, it doesn't appear the final token ever leaves the client till it's being redeemed. There's a middle step that does get signed, but this part is not what is sent.

j / k navigate · click thread line to collapse

0 pointssebazzz1y ago0 comments

So basically the server signs the token and afterwards the server can verify its own signature for every request with that token?

0 comments

faeranne1y ago

looking at it from a high level, it doesn't appear the final token ever leaves the client till it's being redeemed. There's a middle step that does get signed, but this part is not what is sent.

j / k navigate · click thread line to collapse