DEV Community

Discussion on: How to invalidate a JWT using a blacklist

meatboy profile image
Meat Boy

Great article :) JWT is an awesome topic.
Protip: you can use pub/sub model of Redis to notify the app about new tokens. However, the main JWT has to be stateless like you mention and possible to verify without additional calls so a better approach is to blacklist refresh tokens and make general token live very short.

chukwutosin_ profile image
Tosin Moronfolu Author

True, this is another way to go about it. Thank you for the feedback