Hacker News
by ravenstine 1086 days ago
A malicious actor can do quite a lot in 5 minutes. And now you've got to have your users/services renew their authentication at least every 5 minutes, meaning there has to be some central authentication authority to be renewing through... which completely defeats the whole decentralization thing and is more complicated than just issuing randomized tokens and keeping hashes of those in Redis.

At best, you've got a system where a malicious actor doesn't think to renew their token fast enough.

1 comment

You can make a lot of decentralized requests with an access token, before needing one centralized request with a refresh token.
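The split the reply describes, as an added example that is not code from either commenter: services verify a short-lived HMAC-signed access token locally (signature plus expiry, no round trip), while a refresh token is an opaque random string whose hash lives in a central store, so only the refresh step touches the authority. Assumptions made here: HS256 with a constructed demo key, an in-memory dict standing in for Redis, the 5-minute lifetime from the thread, single-use refresh tokens, and an explicit `now` argument so the clock can be pinned.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

# Assumed values: in practice the key comes from a secret store; the TTL is the
# 5 minutes discussed in the thread.
SIGNING_KEY = b"constructed-demo-key-do-not-use"
ACCESS_TTL = 300  # seconds

# Stand-in for the central store (Redis in the thread): sha256(refresh token) -> subject.
# Only hashes are kept, so a dump of the store yields no usable tokens.
REFRESH_STORE: Dict[str, str] = {}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_access_token(subject: str, now: Optional[float] = None) -> str:
    """Mint a short-lived HS256 token (JWT-shaped) that any service can verify locally."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": subject, "iat": int(now), "exp": int(now) + ACCESS_TTL}
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_access_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Decentralized check: signature and expiry only; no call to the auth server.
    Returns the claims, or None for anything malformed, forged or expired."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # refuse alg=none and algorithm confusion
        expected = hmac.new(SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # covers bad base64, bad JSON, wrong number of segments
        return None
    if not isinstance(claims, dict) or now >= claims.get("exp", 0):
        return None
    return claims


def _refresh_key(refresh_token: str) -> str:
    return hashlib.sha256(refresh_token.encode()).hexdigest()


def issue_refresh_token(subject: str) -> str:
    """Opaque random token; only its hash is stored centrally."""
    token = secrets.token_urlsafe(32)
    REFRESH_STORE[_refresh_key(token)] = subject
    return token


def login(subject: str, now: Optional[float] = None) -> Tuple[str, str]:
    return issue_access_token(subject, now), issue_refresh_token(subject)


def refresh(refresh_token: str, now: Optional[float] = None) -> Optional[Tuple[str, str]]:
    """The one centralized request: look the refresh token up, rotate it, mint a new access token."""
    subject = REFRESH_STORE.pop(_refresh_key(refresh_token), None)  # single use: rotation limits replay
    if subject is None:
        return None
    return issue_access_token(subject, now), issue_refresh_token(subject)


def revoke(refresh_token: str) -> bool:
    """Central revocation. Access tokens already issued stay valid until they expire."""
    return REFRESH_STORE.pop(_refresh_key(refresh_token), None) is not None


if __name__ == "__main__":
    t0 = 1_700_000_000.0
    access, rt = login("alice", now=t0)
    print("local verify:", verify_access_token(access, now=t0))
    print("after 5 min:", verify_access_token(access, now=t0 + ACCESS_TTL))
    new_access, new_rt = refresh(rt, now=t0 + ACCESS_TTL)
    print("old refresh token reusable:", refresh(rt) is not None)
    revoke(new_rt)
    print("window after revoke:", verify_access_token(new_access, now=t0 + ACCESS_TTL + 1) is not None)
```

The last line of the demo is the window ravenstine's comment is about: revoking centrally stops further refreshes immediately, but an access token already in an attacker's hands keeps working until its `exp`, so the TTL is the upper bound on how long a stolen access token is useful.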