There’s a link in the second paragraph to the technical details, including source code for the implementation and documentation for the required infrastructure.
But the tl;dr is that the tokens aren’t associated to your account. Unless you were able to snoop on the original request that generated the tokens (in which case, you’ve got bigger issues!), there’s no way to prove that a token is related to a specific account. A token only proves that an authorization server once granted access to some account.
Non-interactive zero-knowledge proofs are cryptographic primitives, where information between a prover and a verifier can be authenticated by the prover, without revealing any of the specific information beyond the validity of the statement itself.
Log into browser extension with kagi account
generate tokens
use said tokens
How does this ensure privacy? The tokens are associated to your account from the start.
There’s a link in the second paragraph to the technical details, including source code for the implementation and documentation for the required infrastructure.
But the tl;dr is that the tokens aren’t associated to your account. Unless you were able to snoop on the original request that generated the tokens (in which case, you’ve got bigger issues!), there’s no way to prove that a token is related to a specific account. A token only proves that an authorization server once granted access to some account.
Edit: Wikipedia has a good intro: