re: Be careful of the JWT hype train VIEW POST

TOP OF THREAD FULL DISCUSSION
re: All good, but - what about "microservices" architecture? Where several servers cannot validate the cookie session? Do you have a solution other tha...
 

Assuming you need the JWT for user properties because of your decoupled stateless architecture, just have another property on the JWT that holds a key.

Assuming you have a layer in your architecture that all your microservices use for config etc. Redis for example.
The value for that key in Redis could be the token.

code of conduct - report abuse