Currently we are using stateless JWTs and JWT Refresh tokens.
The way they are currently planned to be revoked is by sending a response to the client saying "Delete tokens" and the web client will delete it from the cookies/state
Should we instead be saving tokens to a database this way we can just revoke them by deleting the records of the tokens?
Currently we are using stateless JWTs and JWT Refresh tokens.
The way they are currently planned to be revoked is by sending a response to the client saying "Delete tokens" and the web client will delete it from the cookies/state
Should we instead be saving tokens to a database this way we can just revoke them by deleting the records of the tokens?