by zulvkr 1255 days ago
Storing state in a JWT is an easy way to share state, such as user permissions, between different servers.

But state in a JWT can become outdated due to permission changes, and it's not possible to just expire it, as it's stored on the client.

To solve the problem, a more complex auth setup is needed, such as using short-lived JWTs with refresh tokens, which feels more like a band-aid to make JWTs sufficiently secure.
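An added example, not code from the comment above: a standard-library HS256 issuer/verifier that shows the staleness the comment describes (a permissions claim outliving a server-side permission change) and the short-lived JWT plus revocable refresh token arrangement that bounds it. The HMAC key, the user and the permission sets are constructed values.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-demo-key"   # assumption: HMAC key shared by the services

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_jwt(sub: str, perms: list, now: int, ttl: int) -> str:
    """Mint an HS256 JWT whose permission snapshot is frozen in the 'perms' claim."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": sub, "perms": perms, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_jwt(token: str, now: int):
    """Return the claims if the signature checks and 'exp' is in the future, else None.
    Nothing here consults the permission store, so a stale claim still verifies."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:            # malformed token, bad base64 or bad JSON
        return None
    return claims if claims.get("exp", 0) > now else None

# Server-side state the stateless JWT cannot see: live permissions and valid refresh tokens.
PERMISSIONS = {"alice": ["read", "admin"]}      # constructed sample data
REFRESH_TOKENS: dict = {}                        # refresh token -> subject

def login(sub: str, now: int, jwt_ttl: int = 300):
    """Issue a short-lived JWT plus an opaque refresh token that stays revocable server-side."""
    rt = secrets.token_urlsafe(16)
    REFRESH_TOKENS[rt] = sub
    return issue_jwt(sub, PERMISSIONS[sub], now, jwt_ttl), rt

def refresh(rt: str, now: int, jwt_ttl: int = 300):
    """Mint a new JWT from the *current* permissions; a revoked refresh token gets nothing."""
    sub = REFRESH_TOKENS.get(rt)
    return None if sub is None else issue_jwt(sub, PERMISSIONS[sub], now, jwt_ttl)

def revoke_refresh(rt: str) -> None:
    """Revocation works here because the refresh token is looked up, not self-contained."""
    REFRESH_TOKENS.pop(rt, None)
```

The window of staleness is exactly the JWT TTL: an `admin` claim stays valid until `exp`, and the next refresh re-reads the permission store.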