Closed vindyvalentine closed 2 years ago
It is better to checking validity of token after it pass the required of type.
For example, check the token if it's access token, then do a validity check including revoked or not (check if token in denylist)
The reason i suggest this method is because i put the "denylist" in database, so it would be save the request to the database
It is better to checking validity of token after it pass the required of type.
For example, check the token if it's access token, then do a validity check including revoked or not (check if token in denylist)
The reason i suggest this method is because i put the "denylist" in database, so it would be save the request to the database