You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need all requests to the backend to be authenticated before processing. This prevents a malicious actor from claiming they're user_id=x when they actually aren't.
During the create user flow, generate an asymmetric key pair when the fcm token is created. Store those keys in the same location on the device that the fcm (and later user_id) is stored.
Send the public key to the backend service in the create user call.
For all subsequent calls, sign the request contents with the private key.
The backend services will verify that the requests are actually coming from the given user.
The text was updated successfully, but these errors were encountered:
We need all requests to the backend to be authenticated before processing. This prevents a malicious actor from claiming they're user_id=x when they actually aren't.
The text was updated successfully, but these errors were encountered: