|
|
|
|
|
|
by jankboy
754 days ago
|
|
|
Yes if the JWT token can only become invalid based on an expiration time. You can add the expiration time in the token and check it during authentication. No if the token can become invalid due to other reasons because lets say the user deletes the token because it got leaked. But since you have no way of invalidating the token other than changing the encryption key, you can't selectively invalidate that one token. |
|
|