Y
Hacker News
new
|
ask
|
show
|
jobs
by
bob1029
936 days ago
In our case this is fine. The URL doesn't pass any claims. It is opaque client state bound to a specific identity which is validated by other means.