> having a blocklist of revoked JWT IDs in an in-memory cache (like Redis) can bring back some performance benefits.
Doing this obviates some of the benefits of JWT's statelessness, but for situations where revocation is really important and you can't have those few seconds of JWT validity after a user logs out, this totally works.
My employer has an article about this topic here: https://fusionauth.io/learn/expert-advice/tokens/revoking-jw...
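
An added example, not part of the comment above or the linked article: a minimal sketch of the jti blocklist check, where each blocklist entry lives only as long as the token it blocks. The names `issue`, `verify`, `RevocationList` and the HS256 demo key are assumptions made for illustration, and a plain dict stands in for the in-memory cache.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed sample key, not from the thread

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def issue(jti, ttl, now):
    """Mint an HS256 token carrying a jti and an exp claim."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"jti": jti, "exp": now + ttl}).encode())
    return b".".join((head, body, _sign(head + b"." + body))).decode()

class RevocationList:
    """In-process stand-in for the cache; in Redis this is SET <jti> 1 EX <seconds>."""
    def __init__(self):
        self.entries = {}  # jti -> exp of the revoked token

    def revoke(self, claims):
        # An entry only has to outlive the token it blocks.
        self.entries[claims["jti"]] = claims["exp"]

    def is_revoked(self, jti, now):
        for stale in [j for j, exp in self.entries.items() if exp <= now]:
            del self.entries[stale]  # expired tokens are rejected on exp anyway
        return jti in self.entries

def verify(token, revoked, now):
    """Return the claims if the token is authentic, unexpired and not revoked."""
    try:
        head, body, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(head + b"." + body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    except ValueError:
        return None
    if claims["exp"] <= now or revoked.is_revoked(claims["jti"], now):
        return None  # the extra cache lookup is the cost of revocation
    return claims
```

Because entries expire with their tokens, the blocklist stays bounded by the number of tokens revoked within one token lifetime.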