rawwar commented on PR #49531: URL: https://github.com/apache/airflow/pull/49531#issuecomment-2822818780
> > I was looking to store this in DB.
>
> In that case, should we start a discussion on the dev mailing list or channel about whether we want to introduce storing `jti` in the DB for tracking and invalidating JWTs?

Why do you think this change needs to go through the mailing list? Does this have potential negative effects?

The main reason in my mind when raising this PR was that this can avoid duplicates if too many tokens are generated very quickly. Right now, our unique value in claims is the current datetime. And, it will be in seconds because we use `datetime.now()`. I thought adding `jti` would just avoid scenarios that generate duplicate tokens. With no duplicate tokens, it's a surety that we are correctly invalidating the token for the particular session.

For token invalidation, there's another issue - https://github.com/apache/airflow/issues/47952#issuecomment-2822103842
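An added example (not code from the PR or from Airflow) of the collision described in the comment above: two tokens issued for the same subject within one second are byte-identical unless a `jti` claim is present, so revoking one session cannot be told apart from revoking the other. The minimal HS256 encoder, the claim names `sub`/`iat`/`exp`, the key and the timestamp are assumptions made for the demonstration.

```python
import base64, hashlib, hmac, json, uuid

SECRET = b"constructed-demo-key"  # constructed sample key, not a real secret


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def encode_hs256(claims: dict, key: bytes = SECRET) -> str:
    """Minimal HS256 JWT encoder (stdlib only); equal claims give equal tokens."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":"), sort_keys=True).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def issue(sub: str, now: int, ttl: int = 3600, with_jti: bool = False) -> str:
    """Issue a token; `now` is in whole seconds (assumed claim layout)."""
    claims = {"sub": sub, "iat": now, "exp": now + ttl}
    if with_jti:
        claims["jti"] = uuid.uuid4().hex  # random identifier, unique per token
    return encode_hs256(claims)


def decode_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying it; for inspecting the demo only."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def demo() -> dict:
    now = 1_745_000_000  # constructed timestamp; both logins fall in the same second
    a, b = issue("user-1", now), issue("user-1", now)
    c, d = issue("user-1", now, with_jti=True), issue("user-1", now, with_jti=True)
    revoked = {decode_claims(c)["jti"]}  # revoke session c only
    return {
        "no_jti_identical": a == b,  # two sessions share one token
        "jti_identical": c == d,
        "c_revoked": decode_claims(c)["jti"] in revoked,
        "d_revoked": decode_claims(d)["jti"] in revoked,
    }


if __name__ == "__main__":
    print(demo())
```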
