I don’t know what else to say - maybe the macaroonjs documentation is wrong? Full quote:
> nothing stops discharge macaroons from containing embedded first- or third-party caveats for the verifier to consider during verification.
So the user requests discharge tokens on his own, but the discharge tokens have to be verified by _my_ server and might contains nested third-party caveats which I’ll have to verify.
> nothing stops discharge macaroons from containing embedded first- or third-party caveats for the verifier to consider during verification.
So the user requests discharge tokens on his own, but the discharge tokens have to be verified by _my_ server and might contains nested third-party caveats which I’ll have to verify.