by geezerjay
2723 days ago
The JWT specification defines a payload attribute named jti which is used to store the token's nonce/id. To avoid replay attacks, the backend adds the token's nonce to a scratchpad memory when the token is used, in order to invalidate the token even if the expiration timestamp hasn't been reached. If a JWT implementation is written to ignore replay attacks or even token expiration, the jti can still be used to invalidate tokens.
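The jti scratchpad described in the comment above, as an added example (my code, not the commenter's or any library's). It assumes HS256 tokens signed with a constructed secret, a single-process in-memory store, and it goes slightly beyond the comment: consumed and explicitly revoked jti values are kept until the token's own exp passes (so the scratchpad cannot grow without bound), and a token with no exp claim is kept in the store indefinitely, which is the case where jti is the only way to invalidate it.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed secret for this example only; a real deployment loads it from a KMS or env.
SECRET = b"example-secret-do-not-use"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, secret: bytes = SECRET) -> str:
    """Mint a compact HS256 JWT (hypothetical minimal signer, for demonstration)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class JtiStore:
    """Scratchpad of consumed or revoked jti values.

    Each entry remembers the token's exp (or None when the token carries no exp),
    so entries are dropped once the token would be rejected as expired anyway,
    while tokens without exp stay blocked until explicitly removed.
    """

    def __init__(self):
        self._seen = {}  # jti -> exp (float/int) or None

    def prune(self, now: float) -> None:
        self._seen = {j: e for j, e in self._seen.items() if e is None or e > now}

    def consume(self, jti: str, exp, now: float) -> bool:
        """Record a use of jti; return False if it was already used or revoked."""
        self.prune(now)
        if jti in self._seen:
            return False
        self._seen[jti] = exp
        return True

    def revoke(self, jti: str, exp=None) -> None:
        """Block a token before it has ever been presented (e.g. on logout)."""
        self._seen[jti] = exp


def verify_jwt(token: str, store: JtiStore, now=None, secret: bytes = SECRET):
    """Return (ok, reason, claims). Signature is checked before any claim is trusted."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed", None
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Allowlist the algorithm; never let the token pick it (alg=none style attacks).
    if header.get("alg") != "HS256":
        return False, "bad alg", None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "bad signature", None
    claims = json.loads(_b64url_decode(payload_b64))
    jti = claims.get("jti")
    exp = claims.get("exp")
    if not isinstance(jti, str):
        return False, "missing jti", None
    if exp is not None and exp <= now:
        return False, "expired", None
    # Single-use enforcement: the second presentation of the same jti is a replay.
    if not store.consume(jti, exp, now):
        return False, "replayed or revoked", None
    return True, "ok", claims
```

The store must be shared by every backend instance that accepts the token (a shared cache rather than a per-process dict) or a replay against a different instance will succeed; the in-memory dict here is only to keep the example self-contained.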