This is why our design revoked tokens via their jti field, which is not changeable provided the tokens are correctly signed (with an RSA or elliptic curve key pair). it does require all tokens to be parsed, but we can delegate that to a trusted library that should be resistant to attack...
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Oh wow, didn't realize this. Thank you for sharing. Will check it out.
This is why our design revoked tokens via their
jti
field, which is not changeable provided the tokens are correctly signed (with an RSA or elliptic curve key pair). it does require all tokens to be parsed, but we can delegate that to a trusted library that should be resistant to attack...