You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 4
Next »
Based on the understanding, Thrymr Team created a Technical Architecture for the User management.
| | |
---|
Description | Following points regarding JWT+Redis JSON Web Tokens (JWT) : We can control access to APIs you deploy to API gateways using JSON Web Tokens (JWTs). When a client attempts to access an API, it must include a JWT. The resource validates the JWT with an authorization server using a corresponding public verification key. A token will be active until its set expiration date. Even if the user has logged out on the front-end and local storage cleared, anyone having access to the token can access authenticated routes for that user until the token expires. The solution is to save a blacklisted token on logout in a column of the user table and use it for validation, destroying the previous token when it expires. | |
Pros and cons | Advantages In-memory relies on main memory for computer data storage and is faster than database management systems that use disk-management systems. Why Redis: Redis is an in-memory data structure store used as a database, cache, or message broker. You can use data structures like strings, hashes, lists, sets, sorted sets e.t.c We have used JWT + Redis for many projects. We can use any other DB to maintain a blacklisted token but Redis is very fast as per our previous experiences.
| Disadvantage: Maintaining Redis is only for backend login engineering work not for any business functionality purpose. |
0 Comments