On Saturday, January 20, 2018 at 12:08:16 AM UTC+1, Lawrence D’Oliveiro wrote: > > Surely it’s the other way round, the usual practice being to maintain a > store of *valid* tokens, with a finite lifetime attached to each (perhaps > reset when they get presented again). The tokens get deleted either on > explicit logout or implicitly on lifetime expiry. Anything that isn’t > currently recognized from the store entries is invalid. >
Nope, that would require a central store of tokens. In single sign-on environments, or with more complex authentication schemes like OAuth, web servers have to accept tokens that were issued elsewhere. They don't know about a token until it is presented to them. -- You received this message because you are subscribed to the Google Groups "Project Jupyter" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/774bf08b-89ef-486f-9466-3c5aaae2f7d6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
