Based on this understanding, the Thrymr team created a technical architecture and database schema for user management.
The following points concern JWT + Redis.
JSON Web Tokens (JWT):
We can control access to the APIs deployed to API gateways using JSON Web Tokens (JWTs). When a client attempts to access an API, it must include a JWT. The resource validates the JWT with an authorization server using a corresponding public verification key. A token remains active until its set expiration date.
Even if the user has logged out on the front end and local storage has been cleared, anyone who has the token can access authenticated routes for that user until the token expires.
The solution is to save the token as blacklisted on logout, in a column of the user table, and use it for validation, destroying the previous token when it expires.
Pros and cons
An in-memory database relies on main memory for data storage and is faster than database management systems that rely on disk storage.
Redis is maintained only for the backend login engineering work, not for any business functionality.
Justification for Redis
Redis is an in-memory data structure store used as a database, cache, or message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets, etc.
We have used JWT + Redis for many projects.
We can use any other DB to maintain a blacklisted token, but Redis is very fast in our previous experience.
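The logout blacklist described above, as an added example (not the Thrymr team's code). It assumes HS256 signing with the standard library instead of the public verification key setup, a hypothetical `jti` claim with a `bl:` key prefix, and an in-process `TtlStore` standing in for Redis `SET ... EX` / `EXISTS`, so that a blacklist entry lives only as long as the token it blocks.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: HS256 shared secret, demo value only

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

class TtlStore:
    """In-process stand-in for Redis 'SET key 1 EX ttl' and 'EXISTS key'."""
    def __init__(self):
        self._expiry = {}
    def set_ex(self, key, ttl, now):
        self._expiry[key] = now + ttl
    def exists(self, key, now):
        if self._expiry.get(key, 0) <= now:
            self._expiry.pop(key, None)  # expired entries vanish, as they do in Redis
            return False
        return True

def issue(sub, jti, lifetime, now):
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": sub, "jti": jti, "exp": now + lifetime}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def verify(token, store, now):
    """Return the claims, or None if the token is forged, expired or blacklisted."""
    try:
        header, claims, sig = token.split(".")
        expected = _sign(f"{header}.{claims}")
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        data = json.loads(_unb64(claims))
    except ValueError:
        return None
    if data["exp"] <= now or store.exists("bl:" + data["jti"], now):
        return None
    return data

def logout(token, store, now):
    """Blacklist a still-valid token for exactly the lifetime it has left."""
    data = verify(token, store, now)
    if data is not None:
        store.set_ex("bl:" + data["jti"], data["exp"] - now, now)
    return data is not None
```

With a real Redis server the same TTL rule applies: the blacklist key is set to expire at the token's `exp`, so the blacklist never grows beyond the set of tokens that are still unexpired.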
Database Schema
Vineet Singh DB schema added above. Please share your comments