undefined | Better HN

0 pointsLanceH8y ago0 comments

How do you revoke access to that token?

0 comments

3 comments · 1 top-level

oxymoron8y ago· 2 in thread

Well, you don’t, so if that’s a requirement you’ve got to do it some other way.

e12e8y ago

You can rotate the secret to invalidate all tokens.

tptacek8y ago

No, you can't. That breaks all of your users, and so you'll rarely do it, even when it might be warranted. Don't engineer security countermeasures that you (a) might need to rely on and (b) will be afraid to use.

1 more reply

j / k navigate · click thread line to collapse