Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
sebazzz
1y ago
0 comments
Save
Share
So basically the server signs the token and afterwards the server can verify its own signature for every request with that token?
0 comments
1 comments · 1 top-level
top
newest
oldest
faeranne
1y ago
looking at it from a high level, it doesn't appear the final token ever leaves the client till it's being redeemed. There's a middle step that does get signed, but this part is not what is sent.
j
/
k
navigate · click thread line to collapse
