
You can do what Google and everyone else does, which is store the revoked tokens. At scale this is easy to do efficiently and rarely requires a network request since the number of revoked unexpired tokens is small.



How does infrequency of revoked tokens reduce requests? Don't you have to check every token to see if it's revoked?

Or do all the server instances store a copy of all revoked tokens in memory/local db?


All the servers can store a copy or a bloom filter because the number of revoked tokens is small and doesn't change often.
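
An added sketch of the per-server bloom filter described in the comment above (not code from the thread): each verifier checks a local filter of revoked, unexpired token IDs and only makes a remote lookup when the filter reports a possible hit. The class names, token IDs, filter sizing and the lookup callback are assumptions made for illustration.

```python
import hashlib

class RevocationBloom:
    """Bloom filter over revoked token IDs: no false negatives, rare false positives."""
    def __init__(self, n_bits=8192, n_hashes=5):
        self.n_bits, self.n_hashes = n_bits, n_hashes
        self.bits = bytearray(n_bits // 8)

    def _positions(self, token_id):
        # Double hashing: k bit positions from the two 64-bit halves of one digest.
        d = hashlib.blake2b(token_id.encode(), digest_size=16).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:], "big") | 1
        return [(h1 + i * h2) % self.n_bits for i in range(self.n_hashes)]

    def add(self, token_id):
        for p in self._positions(token_id):
            self.bits[p // 8] |= 1 << (p % 8)

    def might_contain(self, token_id):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(token_id))

def build_filter(revoked, now):
    """revoked maps token ID -> expiry (epoch seconds)."""
    bloom = RevocationBloom()
    for token_id, exp in revoked.items():
        if exp > now:  # expired tokens already fail the expiry check; skip them
            bloom.add(token_id)
    return bloom

class Verifier:
    def __init__(self, bloom, authoritative_lookup):
        self.bloom = bloom
        self.lookup = authoritative_lookup  # stands in for the network request
        self.remote_calls = 0

    def is_revoked(self, token_id):
        if not self.bloom.might_contain(token_id):
            return False        # definite miss, answered from local memory
        self.remote_calls += 1  # real hit or false positive: confirm at the source
        return self.lookup(token_id)

# Constructed sample data: two revoked tokens still live, one already expired.
NOW = 1_700_000_000
REVOKED = {"jti-a1": NOW + 600, "jti-b2": NOW + 3600, "jti-old": NOW - 60}

def demo():
    v = Verifier(build_filter(REVOKED, NOW), lambda t: REVOKED.get(t, 0) > NOW)
    any_valid_flagged = any(v.is_revoked(f"jti-valid-{i}") for i in range(1000))
    return v.is_revoked("jti-a1"), any_valid_flagged, v.remote_calls
```

Because a bloom filter never returns a false negative, a miss can be trusted locally; the remote lookup exists only to rule out false positives, so a stale filter (one that has not yet received a new revocation) is the case that still needs a distribution strategy.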



