Based on this understanding, the Thrymr team created a technical architecture for user management.

Description

The following points concern JWT + Redis.
JSON Web Tokens (JWT):

We can control access to APIs deployed to API gateways using JSON Web Tokens (JWTs). When a client attempts to access an API, it must include a JWT. The resource validates the JWT with an authorization server using a corresponding public verification key. A token remains active until its set expiration date.
Even if the user has logged out on the front end and local storage has been cleared, anyone who has the token can access authenticated routes for that user until the token expires.

The solution is to save a blacklisted token on logout in a column of the user table and check it during validation, destroying the previous token when it expires.

Pros and cons

Advantages
An in-memory store relies on main memory for data storage and is faster than database management systems that rely on disk storage.

Why Redis:

  1. Redis is an in-memory data structure store used as a database, cache, or message broker. You can use data structures like strings, hashes, lists, sets, sorted sets, etc.

  2. We have used JWT + Redis for many projects.
     We can use any other DB to maintain a blacklisted token, but Redis is very fast in our previous experience.
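
The logout blacklist described above, sketched as an added example (not code from this page or from the Thrymr project). It assumes each token carries a `jti` claim, uses HS256 instead of the public-key verification the page mentions so that it runs on the standard library alone, and replaces Redis with an in-memory `TtlStore` that mimics `SET key value EX seconds` and `EXISTS`; all function and class names are hypothetical.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value; HS256 is an assumption of this demo

def _b64(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def _sign(head: bytes, body: bytes) -> bytes:
    return _b64(hmac.new(SECRET, head + b"." + body, hashlib.sha256).digest())

def issue(sub: str, jti: str, exp: int) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "jti": jti, "exp": exp}).encode())
    return b".".join((head, body, _sign(head, body))).decode()

class TtlStore:
    """In-memory stand-in for Redis `SET key value EX seconds` and `EXISTS key`."""
    def __init__(self):
        self._expiry = {}
    def set_ex(self, key: str, seconds: int, now: int) -> None:
        self._expiry[key] = now + seconds
    def exists(self, key: str, now: int) -> bool:
        if self._expiry.get(key, 0) <= now:
            self._expiry.pop(key, None)  # entry aged out, as a Redis TTL would do
            return False
        return True

def verify(token: str, store: TtlStore, now: int):
    """Return the claims if the token is authentic, unexpired and not blacklisted."""
    try:
        head, body, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(head, body)):
            return None
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
        if claims["exp"] <= now or store.exists("denylist:" + claims["jti"], now):
            return None
    except (ValueError, TypeError, KeyError):
        return None
    return claims

def logout(token: str, store: TtlStore, now: int) -> bool:
    """Blacklist the token's jti for exactly its remaining lifetime."""
    claims = verify(token, store, now)
    if claims is None:
        return False
    store.set_ex("denylist:" + claims["jti"], claims["exp"] - now, now)
    return True
```

Because the blacklist entry's TTL equals the token's remaining lifetime, the entry disappears at the moment the token would have expired anyway, so the store never grows beyond the set of logged-out tokens that are still unexpired.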

Disadvantage:

Redis has to be maintained solely for backend login engineering work, not for any business functionality.

...