
There’s nothing in OAuth that would make that a limitation. Many people decide to issue JWTs without any sort of blacklisting of revoked tokens, but that’s not really a problem with the OAuth spec.


>blacklisting of revoked tokens

Ah, so a blacklist eh? ...Checked by an ad hoc per-request session mechanism perhaps?
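The trade-off the two comments are pointing at, as an added sketch that is not part of either comment: an HS256 token is verified statelessly, then a `jti` denylist is consulted on every request. The function names, the `RevocationList` class and the claim layout are assumptions made for illustration, using only the Python standard library.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(key: bytes, sub: str, jti: str, exp: int) -> str:
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": sub, "jti": jti, "exp": exp}).encode())
    return f"{head}.{body}.{b64url(sign(key, head + '.' + body))}"

class RevocationList:
    """Maps revoked jti -> exp so entries can be dropped once the token has expired."""
    def __init__(self):
        self.entries = {}

    def revoke(self, jti: str, exp: int) -> None:
        self.entries[jti] = exp

    def is_revoked(self, jti: str, now: int) -> bool:
        # Expired tokens are rejected on exp alone, so their entries are pruned.
        self.entries = {j: e for j, e in self.entries.items() if e > now}
        return jti in self.entries

def verify(token: str, key: bytes, revoked: RevocationList, now: int):
    """Return the claims dict for an acceptable token, otherwise None."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
    except ValueError:
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # pin the algorithm; never trust the header's choice
    if not hmac.compare_digest(sign(key, head + "." + body), signature):
        return None
    if not isinstance(claims, dict):
        return None
    exp, jti = claims.get("exp"), claims.get("jti")
    if not isinstance(exp, int) or exp <= now or not isinstance(jti, str):
        return None
    # Stateless checks end here; this lookup is the per-request state.
    return None if revoked.is_revoked(jti, now) else claims
```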



