undefined | Better HN

0 pointsLanceH8y ago0 comments

How do you revoke access to that token?

0 comments

Well, you don’t, so if that’s a requirement you’ve got to do it some other way.

e12e8y ago

You can rotate the secret to invalidate all tokens.

No, you can't. That breaks all of your users, and so you'll rarely do it, even when it might be warranted. Don't engineer security countermeasures that you (a) might need to rely on and (b) will be afraid to use.

1 more reply

j / k navigate · click thread line to collapse

0 comments

oxymoron8y ago

Well, you don’t, so if that’s a requirement you’ve got to do it some other way.

e12e8y ago

You can rotate the secret to invalidate all tokens.

tptacek8y ago

1 more reply

j / k navigate · click thread line to collapse