mimg
- Karma
- 8
- Created
- June 14, 2016 (10y ago)
- Submissions
- 0
-
From what I have read I see two approaches. You can use a per-user secret to sign a token. When the user wants to invalidate, change the per-user secret. Of course this will invalidate all issued tokens so no fine grain…