by indeyets
2521 days ago
As long as all supposed consumers of JWT are on my infrastructure, I prefer to make all tokens revocable. Token TTL is smaller than 1 hour, so I keep 1 hour's worth of revocations on all servers (pushed via queue). If a key is on the list, it is refused (without database hits).
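A sketch of the scheme described in the comment above, added here as an example and not the commenter's code: each server keeps revocations in memory for one maximum token lifetime and refuses any token that could outlive its own revocation entry. Identifying tokens by the `jti` claim, the `{"jti": ...}` queue message shape, and the names `RevocationList` and `accept` are assumptions; signature verification is assumed to have happened before `accept` is called.

```python
import heapq

MAX_TTL = 3600  # seconds; the comment keeps one hour of revocations


class RevocationList:
    """Per-server, in-memory list; each entry lives for max_ttl after receipt."""

    def __init__(self, max_ttl=MAX_TTL):
        self.max_ttl = max_ttl
        self._drop_at = {}  # jti -> time at which the entry may be forgotten
        self._heap = []     # (drop time, jti), oldest first, for cheap pruning

    def apply(self, message, now):
        """Handle one revocation pushed via the queue (constructed message shape)."""
        drop_at = now + self.max_ttl
        self._drop_at[message["jti"]] = drop_at
        heapq.heappush(self._heap, (drop_at, message["jti"]))

    def prune(self, now):
        while self._heap and self._heap[0][0] <= now:
            drop_at, jti = heapq.heappop(self._heap)
            if self._drop_at.get(jti) == drop_at:  # skip stale heap entries
                del self._drop_at[jti]

    def is_revoked(self, jti, now):
        self.prune(now)
        return jti in self._drop_at

    def __len__(self):
        return len(self._drop_at)


def accept(claims, revocations, now):
    """Decide on claims whose signature was already verified; no database hit."""
    if not all(k in claims for k in ("jti", "iat", "exp")):
        return False  # cannot be matched against the list: fail closed
    if claims["iat"] > now or claims["exp"] <= now:
        return False  # not yet valid, or already expired
    if claims["exp"] - claims["iat"] > revocations.max_ttl:
        return False  # would outlive its own revocation entry
    return not revocations.is_revoked(claims["jti"], now)
```

The lifetime check in `accept` is what makes dropping entries after one hour safe: a token that passes it has expired by the time its revocation is forgotten.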