I am working on a new Node.js single-page application. I am going to use the server for REST API calls only, hence I am considering Restify over Express.
One of the requirements is to allow blacklisting users. The application is of the user-generated content kind.
What is the best practice? My understanding is that JWT authentication is the standard and has the advantage of needing no session store, and therefore it does not provide for token invalidation.
Is my understanding correct? What is the best practice? Is there a good tutorial covering this point? I would imagine that the requirement of banishing obtrusive users is a common one for UGC apps.
I hope this question is suitable for SO, as it asks not for an opinion but for a common pattern. Is my assumption correct that this is a common use case and that a common practice exists for handling it?
via Michael
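Added example, not part of the original question: a Node.js sketch of the trade-off the question describes, where a signature-and-expiry check keeps accepting a blocked user's token until it expires, while one server-side lookup per request rejects it. The HS256 handling is hand-rolled so the block runs without dependencies; `SECRET`, `blockedUsers` and all function names are hypothetical.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, not a real key
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Sign a minimal HS256 JWT (header.payload.signature).
function signToken(payload) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`).toString('base64url')}`;
}

// Stateless verification: signature and expiry only, no server-side lookup.
function verifyStateless(token, nowSec) {
  const [head, body, sig] = token.split('.');
  if (!head || !body || !sig) return null;
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'HS256') return null; // accept only the algorithm we issue
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > nowSec ? claims : null;
}

// Hypothetical server-side state: user ids an admin has blocked.
const blockedUsers = new Set();

// Same verification plus one lookup per request against that state.
function verifyWithBlocklist(token, nowSec) {
  const claims = verifyStateless(token, nowSec);
  return claims && !blockedUsers.has(claims.sub) ? claims : null;
}

function demo() {
  blockedUsers.clear();
  const now = 1700000000; // constructed timestamp
  const token = signToken({ sub: 'user-42', exp: now + 3600 });
  const before = verifyWithBlocklist(token, now) !== null;
  blockedUsers.add('user-42'); // user is blocked while the token is still valid
  return {
    before,
    statelessAfter: verifyStateless(token, now + 60) !== null,
    blocklistAfter: verifyWithBlocklist(token, now + 60) !== null,
  };
}

console.log(demo());
```

The blocklist is keyed by user id rather than by token, so it only grows with the number of blocked users and needs no per-session record.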