matheus23
commented
7 months ago We don't do this yet. So far I'm avoiding DB requests in the auth checking code. The clients have to come with all of the UCANs needed to verify the request.
So essentially I'm postponing this until it becomes an issue.
ETA: 2023-10-31
Use the Capability store to skip validation of UCANs that the server already knows about. This likely requires some integration with
rs-ucan(e.g. exposing new traits, etc), but not sure at time of writing.cc @QuinnWilton thoughts? Here's an example schema of how we'd cache this in a DB.