Echo JS 0.11.0

<~>
igl 2263 days ago. link parent 2 points
> have a key/value store that keeps a revocation list

Congrats! You reverse-engineered sessions.

The whole point of JWT is NOT to have that database round-trip for auth when you receive a request.

Replies

tracker1 2263 days ago. link 1 point
TFA says you should keep the tokens in the database, and fuck with the expires date... a revokation list is *FAR* lighter.