| ▲ | rahkiin 3 days ago | |
If api keys do not need to ve stateless, every api key can become a refresh token with a full permission and validity lookup. | ||
| ▲ | marcosdumay 3 days ago | parent [-] | |
This. The separation of a refresh cycle is an optimization done for scale. You don't need to do it if you don't need the scale. (And you need a really huge scale to hit that need.) | ||