Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello all, my use-case requires using Kratos + OathKeeper (for generating JWTs), but the concern I have is does OathKeeper allows revoking JWTs.

Also, How can I configure expiry of a JWT  generated??

In general JWT tokens can only expire at their preset expiration date. Its one of the fundamental tradeoffs between them and sessions.

The accepted answer covers what can be done well <https://stackoverflow.com/questions/21978658/invalidating-json-web-tokens>

Yes, you are right, but by adding the token in blacklist until its expiry time can help (I know this defeats the purpose of statelessness provided by JWTs). And want to know if oathkeeper provides such functionality??