brockallen
commented
8 years ago JWTs are self-contained and don't need to be sent to IdSvr to validate. Caching for reference tokens saves the round trip.
Closed akshetty9 closed 8 years ago
brockallen
commented
8 years ago JWTs are self-contained and don't need to be sent to IdSvr to validate. Caching for reference tokens saves the round trip.
akshetty9
commented
8 years ago Hello Brock Allen... I have read about this. But, in case some one is writing their own API for validation, is there any problem that you see if they want to cache the JWT validation results? If the token is valid for for 30 minutes, it can avoid doing the validation for all calls for that duration and use the results in cache.
brockallen
commented
8 years ago Sure. It would avoid the overheard of JWT validation with the trade off of memory consumption.
akshetty9
commented
8 years ago ok..I guess then we need to weigh the cost for memory against the time for each validation and decide. Thanks
Is there any reason for caching only reference tokens and not JWT?