▲ JWT authentication: When and how to use it at logrocket.com▼4 up and 1 down, posted by efunction 2264 days ago 3 comments
igl 2263 days ago. link parent 2 points ▲ ▼> have a key/value store that keeps a revocation list Congrats! You reverse-engineered sessions. The whole point of JWT is NOT to have that database round-trip for auth when you receive a request.
tracker1 2263 days ago. link 1 point ▲ ▼TFA says you should keep the tokens in the database, and fuck with the expires date... a revokation list is *FAR* lighter.