Our Vaadin Flow app uses JWT authentication based on the HelloWorld example found here. Any recommendations on structuring a revocation process? For example, if a user changes their password, we’d like all their sessions/JWTs to be invalidated.
One thing we like about the JWT approach is users don’t need to reauthenticate on server restarts. We’d like to retain that in any solution.