Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How is issuing a JWT implicitly mean that they are storing it in a database? Couldn't they have just... not stored the data... but can still validate it?


Exactly this. They just need to validate the JWT signature against a JSON Web Key Set (JWKS). There's no need to store the data.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: