vgarvardt
commented
6 years ago At the moment there are two available strategies for JWT tokens verification:
jwt- validates JWT token on Janus side (verifies signature and date fields - if it is already and still valid)introspection- makes request to auth provider to validate token, so this option should work fine with revoked tokens that are not valid anymore in auth provider, although it creates additional load to auth provider
More details are available at https://hellofresh.gitbooks.io/janus/content/auth/oauth.html
In the past, in the first versions of Janus, we used to have redis storage strategy, that used to save all issued/refreshed tokens to redis storage and removed them on successfull revoke requests, but then we removed this approach as it was not very reliable.
Hello!
Have you found any solutions to revoke the token with JWT?
Regards, Rodrigo Silveira.