Hello, Randall! Very interesting! I'd like to know, what do you recommend for static only websites? I want a stateless static website that consumes an aws lambda API. My users log in to a third party Identity Provider. This returns an IdToken and an Access token, these are verified by the lambda function with the Identity Provider, but yeah, you're right, there's no way to prove the token was not stolen...
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.