Comment by apitman Comment by apitman 4 days ago 2 replies Copy Link View on Hacker News OAuth2 is not inherently stateless.
Copy Link catlifeonmars 4 days ago Collapse Comment - Good call. I said OAuth but what I meant was OIDC and specifically JWT. OAuth (not OIDC) implementations MAY use opaque access tokens that require server side state to validate. Reply View | 1 reply Copy Link apitman 4 days ago Parent Collapse Comment - Ah makes sense Reply View | 0 replies
Good call. I said OAuth but what I meant was OIDC and specifically JWT. OAuth (not OIDC) implementations MAY use opaque access tokens that require server side state to validate.