Y
Hacker News
new
|
ask
|
show
|
jobs
by
dteoh
4296 days ago
You can store the expiry time in the token itself. Then it is up to your server to validate that the token is still live. If you need to mass invalidate every token, you change the signing key.
1 comments
kieranelby
4296 days ago
So is there any way to do single-sign-out if using these tokens for authentication?
link