Y
Hacker News
new
|
ask
|
show
|
jobs
by
mgraczyk
752 days ago
You can do what Google and everyone else does, which is store the revoked tokens. At scale this is easy to do efficiently and rarely requires a network request since the number of revoked unexpired tokens is small.
1 comments
andoando
752 days ago
How does infrequentcy of revoked tokens reduce requests? Dont you have to check every token to see if its revoked?
Or Do all the server instances store a copy of all revoked tokens in memory/local db?
link
mgraczyk
752 days ago
All the servers can store a copy or a bloom filter because the number of revoked tokens is small and doesn't change often
link
Or Do all the server instances store a copy of all revoked tokens in memory/local db?