Comment by sebazzz
1 year ago
So basically the server signs the token and afterwards the server can verify its own signature for every request with that token?
1 year ago
So basically the server signs the token and afterwards the server can verify its own signature for every request with that token?
looking at it from a high level, it doesn't appear the final token ever leaves the client till it's being redeemed. There's a middle step that does get signed, but this part is not what is sent.