Why JWT Still Needs Redis Despite Its Stateless Promise

Although JWT is marketed as a stateless, database‑free authentication method, real‑world applications often store token identifiers in Redis to handle logout, password changes, and token renewal, which reintroduces state and a database lookup.

AuthenticationJWTRefresh token

0 likes · 6 min read

Why JWT Still Needs Redis Despite Its Stateless Promise

Top Architect

Sep 30, 2022 · Backend Development

Implementing JWT Blacklist with RedisTokenStore in Spring Security OAuth2

This article explains why JWT is not ideal for logout and token renewal, recommends using a Redis‑backed token store, and provides three Redis‑based blacklist implementations with detailed Java code snippets for extending JwtTokenStore, custom converters, and global filters in Spring Security OAuth2.

JWTJavaOAuth2

0 likes · 12 min read

Implementing JWT Blacklist with RedisTokenStore in Spring Security OAuth2