Right now im using passport-jwt and it doesn't store the jwt in the db at all. My thoughts are mixed on this as i'd think you'd want to store it in the db and look it up.The idea would be to create a model for users, and another for tokens, store all tokens in a collection/table and toggle the status based on revoked/expired. Each time the token is provided look it up in the db, and find the associated user.what is the general consensus on JWTs and if you should store them or not, why wouldn't you?
Submitted December 30, 2016 at 03:37PM by ndboost
No comments:
Post a Comment