OWASP / Top10

Official OWASP Top 10 Document Repository

Destroying of Session identifiers #598

Closed drwetter closed 3 years ago

drwetter commented 3 years ago

... and avoiding encouragements of JWT denylists at the server side. See #544.

jmanico commented 3 years ago

JWT deny lists are a fundamental part of the JWT security ecosystem and I object to minimizing or discouraging their use.

jmanico commented 3 years ago

Look at Okta's docs. They certainly provide ways to revoke access tokens or both refresh and access tokens.

https://developer.okta.com/docs/guides/revoke-tokens/revokeatrt/#revoke-only-the-access-token
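As an added illustration of the server-side JWT denylist this thread argues for (example code written for this page, not from the OWASP project, Okta, or any commenter), the following Python keeps revoked token ids (`jti`) only until the token's own `exp`, so the denylist stays bounded while still blocking a revoked token before it expires. The HS256 secret and claims are constructed demo values.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed for the example; never hard-code real keys

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, secret: bytes = SECRET) -> str:
    """Mint an HS256 JWT (demo only); claims are expected to carry 'jti' and 'exp'."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

class Denylist:
    """Server-side denylist of revoked token ids, each kept only until that token expires."""
    def __init__(self):
        self._revoked = {}  # jti -> exp (unix seconds)

    def revoke(self, jti: str, exp: int) -> None:
        self._revoked[jti] = exp

    def is_revoked(self, jti, now: int) -> bool:
        # Prune entries whose tokens have expired: they fail the exp check anyway.
        for k in [k for k, e in self._revoked.items() if e <= now]:
            del self._revoked[k]
        return jti in self._revoked

def verify_jwt(token: str, denylist: Denylist, now: int, secret: bytes = SECRET):
    """Return the claims if signature, exp and denylist checks all pass, else None."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    # Pin the algorithm: anything other than HS256 (including 'none') is rejected.
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) <= now or denylist.is_revoked(claims.get("jti"), now):
        return None
    return claims
```

A revocation endpoint would call `denylist.revoke(jti, exp)` for the token being revoked; every request handler calls `verify_jwt` with the current time (`int(time.time())`).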

vanderaj commented 3 years ago

Add this to master. https://developer.okta.com/docs/guides/revoke-tokens/revokeatrt/#revoke-only-the-access-token