Once I add the blacklisting feature, will that just transform the solution from stateless to stateful authentication because of database calls? (correct me if I am wrong, I am still going through the codebase)