by zeveb 3175 days ago
> But the grandparent actually mentions the short-lived approach, and is asking about cases where you want to have longer-lived tokens. And where you still want to be able to revoke them.

If that's actually what you want, then of course you want online-validated tokens. But I think generally it's not what you actually want: you actually want short-lived self-validating access tokens and online-validated tokens.

Note that talking about an online-validated token's lifespan is a little silly: there's no good reason for it not to live forever (until revoked).
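
The pairing described in the comment above, as an added example that is not part of the original comment: a short-lived access token checked offline by signature and expiry, next to an opaque token that has no expiry and is checked against a store until revoked. Using the online-validated token to mint access tokens, HMAC-SHA256 as the self-validation mechanism, the 300-second lifetime, the in-memory store and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # constructed key, known to issuer and verifiers
ACCESS_TTL = 300                       # seconds; assumed value for "short-lived"
live_tokens = {}                       # online store (assumed in-memory): token -> user

def _sign(body):
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_online_token(user):
    """Opaque random token: no expiry field, valid until revoked."""
    tok = secrets.token_urlsafe(32)
    live_tokens[tok] = user
    return tok

def revoke(tok):
    live_tokens.pop(tok, None)

def mint_access_token(online_tok, now=None):
    """Online check: the store lookup is the point where revocation takes effect."""
    user = live_tokens.get(online_tok)
    if user is None:
        return None
    now = time.time() if now is None else now
    claims = json.dumps({"sub": user, "exp": int(now) + ACCESS_TTL})
    body = base64.urlsafe_b64encode(claims.encode()).decode()
    return body + "." + _sign(body)

def verify_access_token(token, now=None):
    """Offline check: signature and expiry only, no store lookup."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    return claims["sub"] if now < claims["exp"] else None
```

After `revoke()`, an access token that was already minted keeps verifying until its `exp`, so `ACCESS_TTL` is the upper bound on how long a revocation takes to bite.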