Currently the goa middleware does a minimal validation check for access tokens, and doesn't perform a status check against the token repository. We need to incorporate the token status check into the JWT layer to ensure that invalid tokens can't be used.
sbryzak
commented
5 years ago
Currently the goa middleware does a minimal validation check for access tokens, and doesn't perform a status check against the token repository. We need to incorporate the token status check into the JWT layer to ensure that invalid tokens can't be used.