04/11/2022, 3:03 PM
Hi everyone, found spice DB project recently, watched a couple a couple of videos about it (how to design scheme, etc), and interesting, is it possible to solve "JWT token revocation" problem via spice DB? Let's imagine we have a set of microservices that are connected to the spiceDB and use particular schema and JWT token as auth mechanism, if we want to block user we need to revoke his JWT token somehow and that may have a significant performance impact (we need to check that list on each request), instead of creating black list of users can we just move user to the special group with no-permissions and remove from prev groups (and save his old permissions in case we will need to unlock it somehow)? Sorry if question is kind of "stupid", I am really new to spicedb and will be happy if there are any articles about "revokation"