kpacha
commented
2 years ago yes, the KrakenD instances keep a set in memory of the revoked tokens. they expect initialization and updates from an external source by using the exposed RPC methods union and add.
here you have two small working examples for the remote client of the RPC service:
- https://github.com/devopsfaith/krakend-playground/blob/master/jwt-revoker/main.go
- https://github.com/devopsfaith/bloomfilter/blob/master/cmd/client/main.go
the easiest way to implement your client is adding a local bloomfilter into it and using it for sending the initial snapshots to the new instances
alexzarbn
github-actions[bot]
Describe what are you trying to do Hi, we're considering to use KrakenD as an API Gateway, and it is looking good so far.
The only question is token revocation. In the documentation it states that revoked tokens are stored in memory, which leads to the question - what happens, if a token is revoked and KrakenD instance is shut down before the token is invalidated on an end-user's side (let's say, user did not make any requests to an API after the token was revoked)?
Does KrakenD (somehow) restores the list of revoked tokens after a reload or in the scenario above revoked tokens won't be considered as "revoked" anymore and users would still be able to access an API?
Thank you!