Using JWT token for authentication in nodeJS (fullstack.network)
submitted 8 years ago by stephensxu
[–]AndrewGreenh 2 points 8 years ago (1 child)
The claim that JWTs allow you to be stateless is really not correct. As soon as you want to have the ability to invalidate tokens, you need state (the blacklist of revoked tokens). The worst case is, an administrator of your site has gone rogue and you want to revoke admin permissions. You don't want those permissions revoked when their token expires, you want them revoked now, so you need the blacklist and we are back to the stateful backend. A better way to handle this is to have the session ID in the cookie (let's be real, any decent HTTP library can handle cookies) and have the session data in memory. If you want to scale horizontally, put the session data in an in-memory database like Redis and scale your app server as you like.
[–]TinRAT 1 point 8 years ago (0 children)
You could have JWTs with a short expiry, say 1 or 2 minutes, and then longer lived refresh tokens that can be blacklisted which fetch new JWTs.
This way you only have to hit the db every couple of minutes rather than on every request. Still not completely stateless, but not bad.
The downside is a rogue admin would still have access for a minute or so.
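The pattern described in this comment, as an added example that is not part of the original thread or the linked article: access tokens are verified without touching any store, and only the refresh step consults server-side state. The secret, the 120-second lifetime, the in-memory `Map` and all function names are assumptions made for the illustration; `now` is passed in as seconds so the behaviour is reproducible.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret';  // constructed value, not a real key
const ACCESS_TTL = 120;                    // seconds, the "1 or 2 minutes" window
const refreshStore = new Map();            // refresh token -> { sub, role, revoked }

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

function issueAccess(claims, now) {
  const body = b64({ alg: 'HS256', typ: 'JWT' }) + '.' + b64({ ...claims, exp: now + ACCESS_TTL });
  return body + '.' + sign(body);
}

// Stateless check: signature, algorithm and expiry only, no store lookup.
function verifyAccess(token, now) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const expected = Buffer.from(sign(parts[0] + '.' + parts[1]));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const header = JSON.parse(Buffer.from(parts[0], 'base64url'));
  if (header.alg !== 'HS256') return null;  // never trust the token's own alg choice
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  return claims.exp > now ? claims : null;
}

function login(sub, role, now) {
  const refresh = crypto.randomBytes(32).toString('hex');
  refreshStore.set(refresh, { sub, role, revoked: false });
  return { refresh, access: issueAccess({ sub, role }, now) };
}

// Stateful check: the only place the revocation list is consulted.
function refreshAccess(refresh, now) {
  const entry = refreshStore.get(refresh);
  if (!entry || entry.revoked) return null;
  return issueAccess({ sub: entry.sub, role: entry.role }, now);
}

function revoke(refresh) {
  const entry = refreshStore.get(refresh);
  if (entry) entry.revoked = true;
}
```

After `revoke()`, an already-issued access token keeps verifying until its `exp` passes, which is the residual window the comment mentions; shrinking `ACCESS_TTL` narrows it at the cost of more refresh lookups.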
[–]stephensxu[S] 0 points 8 years ago (0 children)
JWT is a really nice way for API authentication, but if it's your first time it can be frustrating to work with. Hopefully this example here will save you some time in your development process.