by motorest
435 days ago
> If there is a deny list, and you have multiple services, you either do need to sync it or have a service fully responsible for this, and this does come with the burden of dealing with consistency guarantees (...)

No. Revocation is typically implemented as a shortcut to token expiration. Token expiration involves a grace period. The goal is to arbitrarily reject a long-lived token before its expiration.

> (...) like if a service is dealing with very sensitive data.

No. That's why single-user tokens are used.