Y
Hacker News
new
|
ask
|
show
|
jobs
by
sebazzz
491 days ago
So basically the server signs the token and afterwards the server can verify its own signature for every request with that token?
1 comments
faeranne
491 days ago
looking at it from a high level, it doesn't appear the final token ever leaves the client till it's being redeemed. There's a middle step that does get signed, but this part is not what is sent.
link