Hi everyone, I'm experimenting with a self-hosted Firefox syncserver and auth server stack, which is working fine so far. I wonder, however, how the syncserver verifies the account assertions it gets from the browser / auth server. As I have not configured any auth-server-related information in the syncserver.ini, I doubt there is any verification at all - is that correct? Does that mean the syncserver trusts assertions created by _any_ auth server, not just the one I am hosting? If so, how can I restrict the verification in such a way that only assertions from my own auth server will be accepted?
Note: I am using a local BrowserID verifier, configured in syncserver.ini as follows: [browserid] backend = tokenserver.verifiers.LocalVerifier audiences = https://<my-syncserver-url> Kind regards Nikolaus
_______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
