Hi, Currently I am working on implementing JWT(JSON Web Token) Bearer Grant Type for WSO2 IS. According to the spec,
"The JWT MAY contain a jti (JWT ID) claim that provides a unique identifier for the token. The authorization server MAY ensure that JWTs are not replayed by maintaining the set of used jti values for the length of time for which the JWT would be considered valid based on the applicable exp instant." Therefore i need to maintain a list of used JWT IDs for a certain time and update them(list of IDs) periodically. What would be the best way to do this? -- *Farasath Ahamed* Software Engineering Intern WSO2 Inc.; http://wso2.com Mobile: +94 777 603 866 E-Mail: farasath <http://goog_1999535192>a...@wso2.com Blog: http://thepseudocode.blogspot.com/
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
