by sebazzz 812 days ago
This isn’t about passwords. The token from the identity server (Google in this case) describes the user, including their identity - which you may use as a link to the user data. If I were to forge a token, I could impersonate the user. For this reason, you need to verify the token with the identity server.