Echo JS 0.11.0

JWT authentication: When and how to use it

at logrocket.com

4 up and 1 down, posted by efunction 2021 days ago 3 comments

igl 2020 days ago. link parent 2 points ▲ ▼

> have a key/value store that keeps a revocation list

Congrats! You reverse-engineered sessions.

The whole point of JWT is NOT to have that database round-trip for auth when you receive a request.

Replies

tracker1 2020 days ago. link 1 point ▲ ▼

TFA says you should keep the tokens in the database, and fuck with the expires date... a revokation list is *FAR* lighter.