One of the popular questions about JWT is how to revoke a JWT token. The thing is, you can't revoke a single token. You can build a blacklist of all the tokens you want to invalidate, but that's not the way! Just keep the lifespan of the JWT token (the exp claim) short and disable the user if required.
What are JWT tokens? Modern authentication and authorization for microservices • What is JWT? The JSON ...
0:00 How to revoke a JWT token
0:43 A token blacklist concept
1:03 So, how to secure your app? Keep the lifetime of the JWT short
3:00 Key change and not-before policy
4:12 What have we learned today?
4:50 Outro
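A sketch of the approach described above, as an added example that is not code from the video: tokens live for a few minutes, the issuer refuses to mint new ones for a disabled user, and the verifier rejects anything signed with an old key or issued before a not-before cutoff. The function names, the HS256 standard-library implementation and the timestamps are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(sub, key, now, ttl=300):
    """Mint an HS256 token that lives for ttl seconds (short by design)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{body}.{_b64(_sign(key, header + '.' + body))}"

def refresh(sub, disabled, key, now, ttl=300):
    """Issuer-side check: a disabled user gets no new token."""
    return None if sub in disabled else issue(sub, key, now, ttl)

def verify(token, key, now, not_before=0):
    """Return (ok, subject_or_reason). Stateless: no per-token blacklist."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return False, "unexpected alg"
        # Key change: tokens signed with a retired key fail here.
        if not hmac.compare_digest(_sign(key, header + "." + body), _unb64(sig)):
            return False, "bad signature"
        claims = json.loads(_unb64(body))
        if now >= claims["exp"]:
            return False, "expired"
        # Not-before policy: reject everything issued before the cutoff.
        if claims["iat"] < not_before:
            return False, "issued before not-before"
        return True, claims["sub"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "malformed"

if __name__ == "__main__":
    key = b"constructed-demo-key"              # constructed sample value
    tok = issue("alice", key, now=1000)        # constructed timestamps
    print(verify(tok, key, now=1100))
    print(verify(tok, key, now=1300))
    print(verify(tok, key, now=1100, not_before=1050))
    print(verify(tok, b"rotated-key", now=1100))
    print(refresh("alice", {"alice"}, key, now=1100))
```

With a 300-second lifetime, a disabled user's last token is usable for at most five more minutes; pushing the not-before cutoff or rotating the key cuts that to zero for every outstanding token at once.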
#quadmeup #jwt #programming
www.keycloak.org/docs/latest/...
If you want to support me:
✅ Patreon / pawelspychalski
✅ Banggood affiliate bit.ly/2P8oAxr
✅ Paypal paypal.me/pawelspychalski
▶ Discord server quadmeup.com/discord
▶ My website quadmeup.com/