• ?

    user

    2 years ago
    Once I add the blacklisting feature, will that just transform the solution from stateless to stateful authentication because of database calls? (correct me if I am wrong, I am still going through the codebase)
  • r

    rp

    2 years ago
    Yup. That is correct. However, what we also plan on doing is that you can add blacklisting for certain APIs. Like all POST APIs can check the blacklist, whilst all GET APIs need not do that. This means that your GET APIs (which are most frequently called) will be super fast, whilst your POST APIs will get the benefit of immediate revocation. As a note, we also plan on supporting opaque access tokens. We just started off with JWTs since that's what the majority of the people we had spoken to wanted.
  • ?

    user

    2 years ago
    Alright. Thank you for your time & reply to my queries @User .
  • r

    rp

    2 years ago
    Cheers! If you have any more questions, please feel free to ping me here.
  • r

    rp

    2 years ago
    hey @User
  • r

    rp

    2 years ago
    Hey @User !
  • r

    rp

    2 years ago
    hey @User
  • ?

    user

    2 years ago
    hi
  • r

    rp

    2 years ago
    what brings you to our server?
  • ?

    user

    2 years ago
    Haha from this article "All you need to know about user session security" Thank a lot!