That's called overreach. Absolutely massive overreach. To go one step further, do you also want to prove that my house has no windows, so "attackers" can't see what you show me?
Trust is trust, not proof. Asking someone to prove to you something is to say that you are not trusting them! It's like asking your spouse to prove that he/she is not cheating on you --- and we don't find that acceptable in the physical world either. The whole idea of trusting someone is that you do not have to constantly monitor and enforce what they're doing. I elaborated more about this "destruction of trust" here: https://news.ycombinator.com/item?id=32283134
You may say that you want to be able to steal this token for yourself
The fact that you're calling it "stealing" is also insane. As soon as that token leaves your system, it is no longer yours.
While I can trust most of my users to not try and steal an authentication token there are always a small number of people who I will. Being able to prove to me that you can't steal a token improves the security of my service.
>Asking someone to prove to you something is to say that you are not trusting them!
Unfortunately, I do not trust everyone it the world. While there are some people I can trust, my service is marketed to a large number of people who I may not trust. If my service was for just my friends I wouldn't need proof and I could just trust them.
>As soon as that token leaves your system, it is no longer yours.
No, in the real world when you take your company laptop home it doesn't automatically became your property. Knish because I send a taken to a client running on your device it doesn't mean that you can do whatever you want with that token.