Message from JavaScript discussions

January 2018

— Standards to replace 6 lines?


Express-jwt/ at master · auth0/express-jwt

— Well, this has things like token revoke

— Wat

— You can't revoke JWTs

— Yeah, it just checks for expired tokens it seems

— Yup, you need at least a single DB check every time you get a JWT

— And a DB table just for blacklisted tokens that you check every time

— I would not use JWT unless you fully understand how JWT works and how it should and should not be used

— Even if you use a library, it can't protect you from misusing it

— Wat? That defeats the purpose

— It's the only way to "revoke" tokens