Matthew Garrett ([personal profile] mjg59) wrote 2022-05-18 08:49 pm (UTC)

Re: FIDO2 ?

The cryptographic identity tied to the token can live anywhere, yeah - the question is how to make good use of it. You don't want to have to re-auth on every API call, so presumably if you want to use a proof-of-presence crypto exchange you'd exchange the bearer token for a session cookie that's tied to the IP address (to prevent exfil) and then force re-validation whenever the IP address changes?
(14 comments)

Post a comment in response:

If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.