SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

👋 Hey everyone.  I was thinking on an approach to handling zedtokens in our app and wanted to check here and see if it makes sense to you.

We have a client app, and a server that talks with spicedb.  Currently, we store zedtokens in a PGSQL in the server to have `at least as fresh as` semantics on permissions.

But that's a bit of a PITA and I'd like to avoid that roundtrip to PGSQL, **so I was thinking about passing them to the client in HTTP cookie responses, that way the client would always send over the latest zed token they know of.**.  Does that make sense to you?  I cannot see any problem right now but am no expert in that.