Hacker News new | past | comments | ask | show | jobs | submit login

How so?

It's effectively a micro-optimization that will have no real effect, but you can do a simple "exists" query when searching the revocation list, and the TTL keeps the collection small.

Not advocating for JWT as it's a silly mess to do everything correctly, but it is possible.




Searching a revocation list misses the point of RESTful authentication.


There is no such thing as a RESTful authentication. REST's design hinges on URIs being public.


What do public URIs have to do with it? I don't think we are speaking the same language.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: