by tialaramex
2116 days ago
If you have a federated and perhaps also heterogeneous system then "Just use a database" isn't the easy option. Think about all the people/organisations that emit tokens you trust, or trust tokens you emit. Would they fit in an elevator? A meeting room? A conference venue? If the code that mints all your JWTs and the code that verifies them are two methods in a class running in the same service and maintained by the same team, that's a sign you probably didn't need JWTs and an opaque token was more likely what you should use.
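
The single-service case from the comment above, sketched with an opaque token; this is an added example, not part of the original comment. The class and method names are hypothetical, and an in-memory dict stands in for the database table.

```python
import hashlib
import secrets
import time


class OpaqueTokenStore:
    """Mint and verify live in one service; all token state stays server-side."""

    def __init__(self, ttl_seconds=3600, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock
        # sha256(token) -> (subject, expires_at); stands in for a DB table (assumption)
        self._rows = {}

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def mint(self, subject):
        # 256 bits from the OS CSPRNG; the token carries no claims and no signature.
        token = secrets.token_urlsafe(32)
        self._rows[self._key(token)] = (subject, self._clock() + self._ttl)
        return token

    def verify(self, token):
        """Return the subject, or None if the token is unknown, expired or revoked."""
        try:
            key = self._key(token)
        except (UnicodeEncodeError, AttributeError):
            return None  # not an ASCII string, so it cannot be one of ours
        row = self._rows.get(key)
        if row is None:
            return None
        subject, expires_at = row
        if self._clock() >= expires_at:
            del self._rows[key]  # drop expired rows lazily
            return None
        return subject

    def revoke(self, token):
        # Effective on the very next verify(); no key rotation or deny-list involved.
        return self._rows.pop(self._key(token), None) is not None
```

Because the verifier is the same code that minted the token, there is no signing key to distribute and revocation is a row delete.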