2018-12-09 UTC
#
Zegnat You could keep track only of tokens that were revoked - instead of all tokens issued - but that is just storage space saving at the start and nothing else. Another option is to only support wholesale token revokation and store only a timestamp, invalidating all tokens before the timestamp. Less state (your server doesn’t need to remember any tokens) but still some state and may have usability issues
![](https://chat.indieweb.org/img.php?url=https%3A%2F%2Fvanderven.se%2Fmartijn%2Fmartijn.jpg&sig=699699569be4c1ad88eedcc02493ba9be5101b5a65978bf262f2ef778f7e64a7)