//nefariousplan

Out Of Band, Also In Band

A flow whose security depends on the secret traveling only over a trusted side channel (email, SMS, push) is implemented by a service function that hands the same mutable object to the side-channel sender and to the in-band HTTP response. The "out of band only" promise collapses into "out of band, also in band."
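The pattern in a password-reset flow, shown next to a version that keeps the secret in the side channel only. This is an added example, not code from the original page; the function names, the `OUTBOX` stand-in for the email/SMS channel, and the reset-token scenario are all assumptions made for illustration.

```python
import json
import secrets
from dataclasses import dataclass

# Hypothetical names throughout; OUTBOX is a constructed stand-in for email/SMS/push.
OUTBOX = []

def send_email(message):
    OUTBOX.append(dict(message))  # record what left over the side channel

# Vulnerable shape: one mutable dict is both the mail payload and the API result.
def request_reset_vulnerable(email):
    reset = {"email": email, "status": "sent"}
    reset["token"] = secrets.token_urlsafe(32)  # attached for the mailer...
    send_email(reset)
    return reset                                # ...and still attached here

def handler_vulnerable(email):
    # Serializes whatever the service returned, token included.
    return json.dumps(request_reset_vulnerable(email))

# Hardened shape: the secret exists only in the side-channel message.
@dataclass(frozen=True)
class ResetResponse:
    status: str  # the response type has no field that could carry the token

def request_reset_hardened(email):
    token = secrets.token_urlsafe(32)
    send_email({"email": email, "token": token})
    return ResetResponse(status="sent")

def handler_hardened(email):
    result = request_reset_hardened(email)
    return json.dumps({"status": result.status})  # explicit allow-list of fields

def leaks_secret(http_body):
    """Regression check: is the most recently sent token present in the HTTP body?"""
    return OUTBOX[-1]["token"] in http_body

if __name__ == "__main__":
    print("vulnerable leaks:", leaks_secret(handler_vulnerable("user@example.test")))
    print("hardened leaks:  ", leaks_secret(handler_hardened("user@example.test")))
```

The `leaks_secret` check works as a regression test for any such endpoint: capture what went to the side channel and assert that it never appears in the response body.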