This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

JWT revocation

Posted on 05-27-2019 04:24 PM
sunithabprasad
New Member
Reply posted on --/--/---- --:-- AM

Hello,

what is the best approach to revoke json web tokens for mission critical applications.

could you please share any reference implementation you have for the proxies in Apigee for this.

0 3 151
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
sidd-harth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

You can check below post,

https://community.apigee.com/questions/67382/how-to-invalidaterevoke-jwt-token-after-user-logou.html

Check Dino's answer and for sample proxy check my answer with proxy bundle.

0 Likes

Posted on --/--/---- --:-- AM
sunithabprasad
New Member
In response to sidd-harth
Reply posted on --/--/---- --:-- AM

Thank you for your response.

but was looking for a better solution. Per Dino's solution, JWTs should be maintained separately by us to track their status in cassandra? and cached ? and not looking to use cookies either

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to sunithabprasad
Reply posted on --/--/---- --:-- AM

JWTs should be maintained separately by us to track their status in cassandra?

What? No. Don't do that. JWT are federated tokens. Nobody needs to store anything. If you have the inclination to store complete JWT you are probably doing it wrong.

0 Likes