Comment on How to store user's access tokens/API keys without hashing them?
mrkite@programming.dev 9 months agoThe issue with JWTs is that there is no way to revoke them.
Except you can have a nonce in the JWT that corresponds to a field on the server… which is revokable.
towerful@programming.dev 9 months ago
Oh, as opposed to a revocation list.
Yup, I’m an idiot