re: How do you handle role/permissions updates with JWT? VIEW POST


If your scenario requires authorization lookups for every call (ie you cannot tolerate the staleness of a jwt, no matter how short) then token based auth is probably not the right solution.

Using token based auth adds complexity, if you are still going to make authorization calls every time you are paying that cost for no gain.

Code of Conduct Report abuse