Question: Shouldn't this process involve the server side?

[raymondcarl]

Hi,

First, thank you for creating this package because I didn't really find the tutorials on the web helpful and having a package like this is really helpful.

I finally got it to work after having some issues with trying to redirect to localhost:3000. But, now I'm reviewing how this flow works. I know that Github issues are not the place for questions, but for lack of a better place because of how specific it is.... The whole process seems to run on the client side. Are you not limited by what you can do in terms of limiting server to client data flows?

I was trying to implement something like this, but most of the tutorials center around node.js.

By running everything on the client side, how does the server "trust" the token from the client side?

Apologies if none of this makes any sense.....