This commit is contained in:
parent
9290bcf88c
commit
544ccbe1ca
16
README.md
@ -342,3 +342,19 @@ front-end for now and concentrate on my backend Go app.
|
||||
For now, I will just test my backend with `curl`.
|
||||
|
||||
And today's job is to get the login part done!
|
||||
|
||||
### 2024/10/13
|
||||
|
||||
Finally it took more than just one night for me to figure out the JWT.
|
||||
|
||||
The JWT token is simple because it doesn't need to be stored to and fetched
|
||||
from a database. But there is no way to revoke it instead of waiting for the
|
||||
expiry date.
|
||||
|
||||
To do so, we still have to use a database. We can store a logged out user's
|
||||
jti into Redis, and each time we log in, look up the cache to find if the
|
||||
user is logged out. And set the cache's timeout to the expiry time of the
|
||||
token, so that it is removed automatically.
|
||||
|
||||
It'd better to inject the dependency of Redis connection into the `Authn`
|
||||
middleware so that it's simpler to test.
|
||||
|
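Review bot: In the paragraph beginning "To do so, we still have to use a database", the lookup is described as happening "each time we log in", but a logged-out token would be presented on ordinary authenticated requests, so the check belongs on every request the `Authn` middleware verifies, and it should test the token's jti rather than whether "the user is logged out", since the value stored is a jti. Suggested wording: "on each authenticated request, look up the token's jti in the cache and reject the request if it is found". It would also help to state that the cache timeout is the token's remaining lifetime (its expiry time minus the current time), and to document what the middleware does when the Redis lookup fails. Minor wording: "no way to revoke it instead of waiting" reads better as "no way to revoke it other than waiting", and "It'd better to inject" is missing "be".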