Based on this understanding, the Thrymr team created a technical architecture for user management.
| | |
|---|---|
| Description | The following points concern JWT + Redis. JSON Web Tokens (JWT): We can control access to APIs deployed to API gateways using JSON Web Tokens (JWTs). When a client attempts to access an API, it must include a JWT. The resource validates the JWT with an authorization server using a corresponding public verification key. A token remains active until its set expiration date. Even if the user has logged out on the front end and local storage has been cleared, anyone who has the token can access authenticated routes for that user until the token expires. The solution is to save the token as blacklisted on logout, in a column of the user table, and check it during validation, destroying the previous token when it expires. |
| Pros and cons | Advantages: An in-memory store relies on main memory for data storage and is faster than database management systems that use disk storage. Why Redis: Redis is an in-memory data structure store used as a database, cache, or message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets, etc. We have used JWT + Redis for many projects. Any other database could hold the blacklisted tokens, but in our previous experience Redis is very fast. |
| | Disadvantage: Redis has to be maintained only for backend login engineering work, not for any business functionality. |
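
The logout blacklist described in the table above, as an added example that is not part of the original page or the Thrymr team's code. It assumes HS256 with a constructed shared secret in place of the public verification key the page mentions, a `jti` claim as the blacklist key, and an in-memory `BlacklistStore` standing in for Redis `SETEX`/`EXISTS`; all function names are hypothetical.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: HS256 secret, not the page's public key

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

class BlacklistStore:
    """In-memory stand-in for Redis: set_with_ttl ~ SETEX, contains ~ EXISTS."""
    def __init__(self):
        self._expiry = {}
    def set_with_ttl(self, key, ttl, now):
        self._expiry[key] = now + ttl
    def contains(self, key, now):
        if self._expiry.get(key, now) <= now:  # missing, or TTL has passed
            self._expiry.pop(key, None)        # entry disappears like a Redis key
            return False
        return True

def issue(user, jti, ttl, now):
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "jti": jti, "exp": now + ttl}).encode())
    signing_input = f"{header}.{body}"
    return signing_input + "." + _b64(_sign(signing_input))

def verify(token, store, now):
    """Return the claims if signed, unexpired and not blacklisted, else None."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{header}.{body}"), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None
    if claims["exp"] <= now or store.contains("blacklist:" + claims["jti"], now):
        return None
    return claims

def logout(token, store, now):
    claims = verify(token, store, now)
    if claims:  # keep the entry only for the token's remaining lifetime
        store.set_with_ttl("blacklist:" + claims["jti"], claims["exp"] - now, now)
    return claims is not None
```

Setting the blacklist entry's TTL to the token's remaining lifetime means the entry is discarded at the moment the token would have expired anyway, so the store never grows beyond the set of still-live logged-out tokens.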