You hand out a token, often a JSON Web Token, to an authenticated user, which is then validated for each request. A token is basically a hall pass which is signed by your central authority. Depending on how “instant” removal of users needs to be, you sync with a central identity provider each time or you rely on short-lived tokens.
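The two revocation options described above, as an added example that is not part of the original text: an HS256-signed token is checked on every request, either by expiry alone or with an extra lookup. `KEY`, `issue`, `validate` and the `is_active` callback (a stand-in for the identity-provider sync) are names assumed for this sketch.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed value; the central authority's secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue(user: str, ttl: int, now: float) -> str:
    """Central authority: sign a token that expires ttl seconds after now."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"sub": user, "exp": int(now) + ttl}).encode())
    return f"{header}.{claims}.{b64url(sign(f'{header}.{claims}'))}"

def validate(token: str, now: float, is_active=None):
    """Per-request check. Returns the user name, or None if rejected.

    Without is_active, a removed user stays valid until the token expires,
    so the token lifetime is the worst-case removal delay.
    """
    try:
        header, claims, sig = token.split(".")
        # Pin the algorithm: the token must not choose how it is verified.
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the expected and presented signatures.
        if not hmac.compare_digest(sign(f"{header}.{claims}"), b64url_decode(sig)):
            return None
        payload = json.loads(b64url_decode(claims))
        user, exp = payload["sub"], payload["exp"]
        if now >= exp:
            return None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed token: reject rather than raise
    # Optional "instant" removal: ask the identity provider on every request.
    if is_active is not None and not is_active(user):
        return None
    return user
```

With a 300-second lifetime and no `is_active` lookup, a removed user keeps access for up to 300 seconds; passing the lookup closes that window at the cost of one identity-provider call per request.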