Getting signed data from the server

Yes, you should, and you can. This is what the Discourse SSO protocol is for. That linked topic is written from the perspective of Discourse authenticating to an external auth provider, but Discourse can also act as the auth provider to a different app (an example of which is the discourse-auth-proxy, using the same protocol.

4 Likes