JWT with a key pair is a good way to prevent DB lookups or keeping sessions for subsequent requests. You can guarantee the JWT was signed with your private key, only available on your server. The public key can be cached, e.g. in redis, for fast lookup to decrypt the JWT and then you can trust the user object inside without a DB lookup. Additionally, you can easily rotate the key pair and "log out" everyone if you need to.
Applying this to a token received from a third party is possible, just wrap the value of their token in a JWT and use the private key to encrypt it.