You can go ahead with using a cache for this purpose. Check how caches are initialized and being used in oauth component. Later we can think about persisting it to database.
On Sun, Mar 15, 2015 at 9:06 PM, Farasath Ahamed <[email protected]> wrote: > > Hi, > > Currently I am working on implementing JWT(JSON Web Token) Bearer Grant > Type for WSO2 IS. According to the spec, > > "The JWT MAY contain a jti (JWT ID) claim that provides a unique > identifier for the token. The > authorization server MAY ensure that JWTs are not replayed by maintaining > the set of used > jti values for the length of time for which the JWT would be considered > valid based on the > applicable exp instant." > > Therefore i need to maintain a list of used JWT IDs for a certain time and > update them(list of IDs) periodically. What would be the best way to do > this? > -- > *Farasath Ahamed* > Software Engineering Intern > WSO2 Inc.; http://wso2.com > > Mobile: +94 777 603 866 > E-Mail: farasath <http://goog_1999535192>[email protected] > Blog: http://thepseudocode.blogspot.com/ > -- Thanks & Regards, *Johann Dilantha Nallathamby* Associate Technical Lead & Product Lead of WSO2 Identity Server Integration Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
