Closed akshetty9 closed 8 years ago
JWTs are self-contained and don't need to be sent to IdSvr to validate. Caching for reference tokens saves the round trip.
Hello Brock Allen... I have read about this. But, in case some one is writing their own API for validation, is there any problem that you see if they want to cache the JWT validation results? If the token is valid for for 30 minutes, it can avoid doing the validation for all calls for that duration and use the results in cache.
Sure. It would avoid the overheard of JWT validation with the trade off of memory consumption.
ok..I guess then we need to weigh the cost for memory against the time for each validation and decide. Thanks
Is there any reason for caching only reference tokens and not JWT?