Add the ability to enable JWT id logging in the database along with corresponding expiration timestamps.
The database should only store the jti, aud and exp claims. It should have a flag for revoking tokens and an optional command to clean any entries that have expired.
@ludo237 I'd like to avoid storing every claim. The ones above were selected for several reasons:
- jti: This is the id that represents the JWT token and can be used to quickly query, allowing you to blacklist, etc.
- aud: This allows you to see which audience the JWT token was for; this is particularly useful if you have a JWT issuer for multiple audiences (like I do).
- exp: This is stored so that, if necessary, the rows can be pruned once tokens have expired.
The idea is not to back up the JWT in the database, as that's sort of pointless. It's to instead keep a log of JWTs being issued.
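
A sketch of the log described in this issue, added here as an illustration and not taken from the project's code. The table name `jwt_log`, the function names, the use of SQLite, a single-string `aud`, and rejecting tokens whose `jti` was never logged are all assumptions.

```python
import sqlite3
import time

# Hypothetical schema: only jti, aud, exp and a revoked flag are stored,
# never the token itself or any of its other claims.
SCHEMA = """
CREATE TABLE IF NOT EXISTS jwt_log (
    jti     TEXT PRIMARY KEY,
    aud     TEXT NOT NULL,
    exp     INTEGER NOT NULL,           -- Unix timestamp from the exp claim
    revoked INTEGER NOT NULL DEFAULT 0
);
CREATE INDEX IF NOT EXISTS jwt_log_exp ON jwt_log (exp);
"""

def open_log(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def log_issued(db, claims):
    """Record a newly issued token; claims is the decoded payload dict."""
    with db:
        db.execute("INSERT INTO jwt_log (jti, aud, exp) VALUES (?, ?, ?)",
                   (claims["jti"], claims["aud"], int(claims["exp"])))

def revoke(db, jti):
    """Set the revoked flag; returns False if the jti was never logged."""
    with db:
        return db.execute("UPDATE jwt_log SET revoked = 1 WHERE jti = ?",
                          (jti,)).rowcount == 1

def is_acceptable(db, claims, now=None):
    """Call after signature verification. Unknown jti is rejected (assumption)."""
    now = int(time.time()) if now is None else now
    row = db.execute("SELECT aud, exp, revoked FROM jwt_log WHERE jti = ?",
                     (claims.get("jti"),)).fetchone()
    if row is None:
        return False
    aud, exp, revoked = row
    return not revoked and aud == claims.get("aud") and exp > now

def prune_expired(db, now=None):
    """The optional cleanup command: delete rows whose exp has passed."""
    now = int(time.time()) if now is None else now
    with db:
        return db.execute("DELETE FROM jwt_log WHERE exp <= ?", (now,)).rowcount
```

Pruning a revoked row is safe only because the token's own `exp` check rejects it from then on, so the cleanup cutoff must never run ahead of the verifier's clock or leeway.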