marsha icon indicating copy to clipboard operation
marsha copied to clipboard
verified publisher icon openfun

Manage JWT revocation

Open qbey opened this issue 3 years ago • 0 comments

Feature Request

Is your feature request related to a problem or unsupported use case? Please describe. The Marsha's JWTs have a fixed lifetime, especially the "Challenge JWT" which can be used several times during its validity.

Describe the solution you'd like We may be able to revoke JWT once used or when user logs out or other cases.

Describe alternatives you've considered We need to store the not expired, revoked JWT in a database to check anytime a JWT is used and is valid, if it has been revoked. The database can be chosen later between PSQL or Redis (or other). The JWT only needs to be stored until its expiry date/time is reached.

qbey avatar Sep 26 '22 13:09 qbey