
Module token_revocation


Token revocation — reject JWTs whose jti claim has been revoked.

After JWT signature verification succeeds, the server checks the token’s jti (JWT ID) claim against a revocation store. If the jti is present, the token is rejected with 401.

Two production backends: Redis (recommended) and PostgreSQL (fallback). An in-memory backend is provided for testing and single-instance dev.

Revoked JTIs expire automatically when the JWT’s exp claim passes, keeping the store bounded.
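The check and the expiry-bounded store described above, as an added example that is not this crate's code: `DemoRevocationStore` and `DemoRejection` are hypothetical names, the store is modelled as a plain map, and rejecting a token with no jti is an assumption of the example. It also shows why dropping a revoked jti at exp is safe only when expired tokens are rejected independently.

```rust
use std::collections::HashMap;

/// Hypothetical store (not the crate's type): jti -> the token's `exp` in Unix seconds.
#[derive(Default)]
pub struct DemoRevocationStore { revoked: HashMap<String, u64> }

#[derive(Debug, PartialEq)]
pub enum DemoRejection { MissingJti, Expired, Revoked }

impl DemoRevocationStore {
    /// Revoke `jti`. A token that has already expired needs no entry at all.
    pub fn revoke(&mut self, jti: &str, exp: u64, now: u64) {
        if exp > now { self.revoked.insert(jti.to_owned(), exp); }
    }

    /// Drop entries whose token has passed `exp`; returns how many were removed.
    pub fn purge_expired(&mut self, now: u64) -> usize {
        let before = self.revoked.len();
        self.revoked.retain(|_, exp| *exp > now);
        before - self.revoked.len()
    }

    /// Run only after signature verification; any Err maps to HTTP 401.
    /// The `exp` test comes first: purging is safe only because an expired
    /// token is refused here even when its jti has left the store.
    pub fn check(&self, jti: Option<&str>, exp: u64, now: u64) -> Result<(), DemoRejection> {
        if exp <= now { return Err(DemoRejection::Expired); }
        // Assumption of this example: a token without a jti cannot be revoked, so fail closed.
        let jti = jti.ok_or(DemoRejection::MissingJti)?;
        if self.revoked.contains_key(jti) { return Err(DemoRejection::Revoked); }
        Ok(())
    }

    pub fn len(&self) -> usize { self.revoked.len() }
}

fn main() {
    // Constructed sample values: a token issued at t=1_700_000_000, valid for 600 s.
    let (now, exp) = (1_700_000_000u64, 1_700_000_600u64);
    let mut store = DemoRevocationStore::default();
    store.revoke("constructed-jti-1", exp, now);
    println!("before exp: {:?}", store.check(Some("constructed-jti-1"), exp, now + 10));
    println!("purged at exp: {}", store.purge_expired(exp));
    println!("after exp: {:?}", store.check(Some("constructed-jti-1"), exp, exp));
}
```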

Structs

InMemoryRevocationStore
In-memory revocation store for testing and single-instance dev.
TokenRevocationConfig
Token revocation configuration embedded in the compiled schema.
TokenRevocationManager
High-level token revocation manager wrapping a backend store.

Enums

RevocationError
Revocation store error.
TokenRejection
Why a token was rejected.

Traits

RevocationStore
Revocation store abstraction.

Functions

revocation_manager_from_schema
Build a TokenRevocationManager from the compiled schema’s security.token_revocation JSON.