potiuk commented on issue #47559: URL: https://github.com/apache/airflow/issues/47559#issuecomment-2718792023
If we have short living JWT token (but this should be rather minutes than hours, then we could likely get by without keeping invalidated tokens in database. There are some techniques that make it effiicient (like keeping valid tokens in memory cache) to avoid constant checking in database + signals for clearing the cache when we add new invalid token - so we could do it. I think the main question is how long we keep the JWT token for - if it is for minutes, no problem - we can likely get-by without invalidation, especially that we have also sessions for FAB, which will be hour primary "enterprise" authentication mechanism anyway - we can set short expiry time, But if it is potentially for multiple hours, then I am afraid we have to have some mechanism to invalidate the tokens. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
