Interesting case. So this was implemented for long-lived API tokens (order of months)? This must have been a very detailed design process for such an architecture, haven't been?
I believe you had scalability challenges to tackle! Just curious: standard OAuth with rotating refresh tokens was not feasible?
Was the ratio between active long-lived API tokens (many) and invalidated ones (few) one of the deciding factors?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Interesting case. So this was implemented for long-lived API tokens (order of months)? This must have been a very detailed design process for such an architecture, haven't been?
I believe you had scalability challenges to tackle! Just curious: standard OAuth with rotating refresh tokens was not feasible?
Was the ratio between active long-lived API tokens (many) and invalidated ones (few) one of the deciding factors?