How About Tomorrow?
Open Source Security Theater
Dax
They don't know that you flagged it as bad. And if you try to design some kind of system to make them check a database first, then you've effectively... lost all the benefits of a JWT. So what you do is you set the JWT expiration to be really low, like five minutes, and then you also issue a refresh token, and the refresh token is not a JWT.
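The pattern described in the clip, as an added sketch that is not from the episode or from any project it mentions: a five-minute JWT that is verified without a database, paired with an opaque refresh token that is looked up (and can be revoked) server-side. The function names, the HS256 choice and the in-memory dict standing in for a database are assumptions made for this example.

```python
import base64, hashlib, hmac, json, secrets

KEY = secrets.token_bytes(32)   # constructed signing key for the demo
ACCESS_TTL = 300                # five minutes, as in the clip
REFRESH_DB = {}                 # stand-in for a database: sha256(token) -> subject

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def issue_access(sub: str, now: int) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "exp": now + ACCESS_TTL}).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify_access(token: str, now: int):
    """Stateless check: signature and expiry only, no database lookup."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(f"{header}.{body}")):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    return claims if now < claims.get("exp", 0) else None

def issue_refresh(sub: str) -> str:
    token = secrets.token_urlsafe(32)          # opaque random value, not a JWT
    REFRESH_DB[hashlib.sha256(token.encode()).hexdigest()] = sub
    return token

def revoke_refresh(token: str) -> None:
    REFRESH_DB.pop(hashlib.sha256(token.encode()).hexdigest(), None)

def refresh(token: str, now: int):
    """Stateful check: the only place revocation is consulted."""
    sub = REFRESH_DB.get(hashlib.sha256(token.encode()).hexdigest())
    return issue_access(sub, now) if sub else None
```

After `revoke_refresh`, an already-issued access token still passes `verify_access` until its `exp`, but `refresh` returns `None`, so the revoked session ends within one access-token lifetime.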