Should I store JWT tokens in Redis?

I am building an application with ExpressJS and MongoDB (Mongoose). The application contains routes that the user must authenticate for before accessing them.

Currently, I have written special middleware to do this. Here, using a JWT token, I make a MongoDB request to check whether the user is authenticated, but I feel that this may put unnecessary query load on my database.

Should Redis be integrated for this specific task?
Will API performance improve? Or should I go ahead with the existing MongoDB approach?

It would be helpful if I get more information about this.

+4
2 answers

TL;DR: If you want to be able to cancel the token at some point, then yes, save it in something fast, like Redis.

One of the well-documented drawbacks of using JWT is that there is no easy way to cancel a token if, for example, the user needs to be logged out or the token has been hacked. Canceling a token would mean looking it up in some kind of storage, and then deciding what to do next. Since one of the points of JWT is to avoid round trips to the db, a good compromise would be to keep it in something less taxing than an RDBMS. This is the perfect job for Redis.

+3
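
The lookup this answer describes, as an added example that is not part of the original answer: the signature and expiry are checked with no store at all, and only the revocation check touches the fast store. It assumes HS256 tokens carrying `jti` and `exp` claims and uses an in-memory `Map` in place of Redis; `Denylist`, `issueToken` and `authenticate` are hypothetical names.

```javascript
const crypto = require('crypto');

// In-memory stand-in for Redis (assumption): jti -> expiry in ms. With Redis this
// would be `SET revoked:<jti> 1 EX <ttl>` on logout and `EXISTS revoked:<jti>` per request.
class Denylist {
  constructor() { this.keys = new Map(); }
  revoke(jti, expSeconds, now = Date.now()) {
    // Keep the entry only until the token would have expired on its own.
    if (expSeconds * 1000 > now) this.keys.set(jti, expSeconds * 1000);
  }
  isRevoked(jti, now = Date.now()) {
    const until = this.keys.get(jti);
    if (until === undefined) return false;
    if (until <= now) { this.keys.delete(jti); return false; } // TTL elapsed
    return true;
  }
}

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Hypothetical helper: issue an HS256 token; claims must carry jti and exp.
function issueToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Returns the claims, or null if the token is malformed, forged, expired or revoked.
function authenticate(token, secret, denylist, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch { return null; }
  if (!header || !claims || header.alg !== 'HS256') return null; // pin the algorithm
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) return null;
  // The one lookup per request: signature and expiry are checked without any store.
  if (typeof claims.jti !== 'string' || denylist.isRevoked(claims.jti, now)) return null;
  return claims;
}
```

Because each denylist entry expires together with its token, the store only ever holds tokens that were revoked and are still within their lifetime.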

Redis jwt. Redis . . jwt-redis

0

Source: https://habr.com/ru/post/1680663/