— Well this have things like token revoke
— Yeah, it just checks for expired tokens it seems
— Yup you need at least a single DB check every time you get a jwt
— And a DB table just for blacklisted tokens that you check every time
— I would not use jwt unless you fully understand how jwt works and how it should be used, and not be used
Message permanent page
— Even if you use a library, it can't protect you from misusing it
— Wat? That defeats the purpose
— It's the only way to "revoke" tokens