by jwally 790 days ago
tbh, I haven't worked with JWTs a _ton_, so apologies if there's an _obvious_ better way to do something, lol.

I think you're right. Just sign the JWT that's going over as a header (as it's a string), and add a signature from the webcrypto pieces - and BAM! You can verify that the JWT came from who it was originally assigned to...unless I'm missing something.
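
Added example, not part of the comment above: a sketch of the scheme it describes, with the client signing the JWT string using a non-extractable WebCrypto key and the server checking that signature. It assumes the server stored the client's public key when it issued the token; `signJwt`, `verifyJwtProof`, the `X-JWT-Proof` header name and the sample token are hypothetical.

```javascript
// Added example; signJwt, verifyJwtProof and the X-JWT-Proof header are hypothetical names.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };
const enc = new TextEncoder();
const toHex = (buf) => Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join("");
const fromHex = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

// Client: key pair whose private half is non-extractable, so script cannot export it.
const makeClientKey = () => subtle.generateKey(ALG, false, ["sign", "verify"]);

// Client: sign the JWT string as-is and build the two request headers.
async function signJwt(privateKey, jwt) {
  const sig = await subtle.sign(SIG, privateKey, enc.encode(jwt));
  return { Authorization: `Bearer ${jwt}`, "X-JWT-Proof": toHex(sig) };
}

// Server: check the proof against the public key registered when the JWT was issued.
async function verifyJwtProof(publicJwk, headers) {
  const jwt = (headers.Authorization || "").replace(/^Bearer /, "");
  const proof = headers["X-JWT-Proof"] || "";
  if (!jwt || !/^([0-9a-f]{2})+$/.test(proof)) return false; // missing or malformed proof
  const key = await subtle.importKey("jwk", publicJwk, ALG, false, ["verify"]);
  return subtle.verify(SIG, key, fromHex(proof), enc.encode(jwt));
}

async function demo() {
  const jwt = "eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl"; // constructed sample
  const client = await makeClientKey();
  const registered = await subtle.exportKey("jwk", client.publicKey); // stored at issuance
  const headers = await signJwt(client.privateKey, jwt);
  const other = await makeClientKey(); // someone else holding a copy of the same JWT
  const otherHeaders = await signJwt(other.privateKey, jwt);
  const swapped = { ...headers, Authorization: `Bearer ${jwt}x` }; // proof reused on another token
  return {
    holder: await verifyJwtProof(registered, headers),
    otherKey: await verifyJwtProof(registered, otherHeaders),
    swappedJwt: await verifyJwtProof(registered, swapped),
    missing: await verifyJwtProof(registered, { Authorization: headers.Authorization }),
    privateExtractable: client.privateKey.extractable,
  };
}

demo().then(console.log);
```

Because the signed bytes are only the static JWT string, a pair of headers captured together verifies again unchanged. DPoP (RFC 9449) addresses this by also signing the request method, URL and a timestamp.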