passport-apple
passport-apple copied to clipboard
Verification of incoming token
Hi,
first of all thanks a lot for the work on this package! Looking through the README, I was wondering if jwt.decode(idToken)
is actually the right thing to do, or if it'd make sense to also verify the incoming token?
For now I'm verifying them, is this redundant? I'm not aware of the exact auth flow. Thanks in advance!
Best regards