- What's the problem
- Stateful session data cannot be replicated fast enough, especially when the authenticating clients are devices, things, microservices, etc. rather than humans: the session must reach every server before the client's next request arrives.
- This means legitimate clients that have already authenticated are denied access to resources when a request lands on a server that has not yet received their session.
- What's the solution
- All the data that would have been stored in a stateful (server-side) session is stored in a JWT instead, carried by the client.
- The JWT is signed and optionally encrypted.
- When the JWT is presented to AM, any AM server can validate it without looking up replicated session state.
- All AM servers globally use the same key to check the signature, so a token issued by one server is accepted by every other.
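To make the stateless model concrete, here is an added example (not AM's code, and not ForgeRock's JWT format) of an HS256-signed session JWT built with the Python standard library. The shared key, the claim values and the helper names are constructed for the example. Every server holding the same key can verify a token issued by any other; a server with a different key, a token whose payload was altered, or an expired token is rejected with no session lookup at all.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed for the example: the one signing key shared by every server.
SHARED_KEY = b"example-key-shared-by-all-servers"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_session_jwt(claims: dict, key: bytes) -> str:
    """Put the session data in a JWT and sign it with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_session_jwt(token: str, key: bytes, now: Optional[int] = None) -> dict:
    """Return the claims if the signature checks out and the token is unexpired.

    Raises ValueError otherwise. No server-side state is consulted, only the key.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    # Pin the algorithm: the header must not be allowed to choose it (alg=none etc.).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired or missing exp")
    return claims


def is_accepted(token: str, key: bytes, now: int) -> bool:
    """True if a server holding `key` would accept the token at time `now`."""
    try:
        verify_session_jwt(token, key, now)
        return True
    except ValueError:
        return False


def tamper_payload(token: str, **changes) -> str:
    """Re-encode the payload with altered claims but keep the original signature."""
    h64, p64, s64 = token.split(".")
    claims = json.loads(_b64url_decode(p64))
    claims.update(changes)
    p64 = _b64url(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    return ".".join((h64, p64, s64))


if __name__ == "__main__":
    # Constructed session claims for a device client; jti identifies the session.
    token = issue_session_jwt(
        {"sub": "device-0042", "jti": "sess-1", "iat": 1_700_000_000, "exp": 1_700_003_600},
        SHARED_KEY,
    )
    at = 1_700_000_100
    print("server A accepts:", is_accepted(token, SHARED_KEY, at))
    print("server B (same key) accepts:", is_accepted(token, SHARED_KEY, at))
    print("server with other key accepts:", is_accepted(token, b"other-key", at))
    print("tampered sub accepted:", is_accepted(tamper_payload(token, sub="admin"), SHARED_KEY, at))
    print("after exp accepted:", is_accepted(token, SHARED_KEY, 1_700_003_600))
```

Two checks in `verify_session_jwt` matter in practice: the algorithm is pinned rather than read from the header, and the signature is compared in constant time. Note also what this model cannot do on its own: nothing here lets a server reject a token before `exp`, which is exactly the logout problem the next section addresses.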
- Sounds good, but how does logout work?
- Logout means that a session token should no longer work, even though its signature is still valid and it has not yet expired. How do all AM servers learn that a given session is now invalid?
- On logout, the session is added to a blacklist.
- But that means we have state (the blacklist) that needs replicating, right?
- Yes, but the size of the blacklist and the cost of lookups can be kept small by using Bloom Filters.
- Bloom Filters store large sets in a very compact form and answer the question "is this token in the blacklist?" extremely efficiently. They can return false positives (a token that was never blacklisted is reported as blacklisted, so a legitimate session is rejected) but never false negatives (a blacklisted token is never let through).
- The probability of false positives (FPP) is controlled by the number of hash functions and the size of the filter in bits, for a given number of blacklisted sessions.
Sample of FPP (filter size needed for a given number of blacklisted sessions):
# Blacklisted sessions | Size (1% FPP) | Size (0.1% FPP) | Size (0.01% FPP)
- AM implements chained Bloom Filters.
The blacklist only needs to hold tokens that are between their logout time and their expiry time (after expiry the token is rejected anyway), so older filters in the chain can be discarded once every token they hold has expired.
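As an added example (not AM's implementation), the following Python shows the sizing arithmetic behind the table above and the chaining idea: a Bloom filter sized from the expected number of blacklisted sessions and a target FPP, an FPP measured on constructed session IDs, and a chain of per-time-window filters in which a whole window is discarded once every token logged out in it would have expired anyway. The window length, session lifetime, class names and session IDs are constructed for the example; the sizes are computed from the standard Bloom-filter formulas, not taken from AM.

```python
import hashlib
import math
from typing import Dict, Iterator, List, Tuple


def bloom_params(n: int, p: float) -> Tuple[int, int]:
    """Bits m and hash count k for n expected entries at false-positive rate p."""
    m = math.ceil(-n * math.log(p) / (math.log(2) ** 2))
    k = max(1, round(m / n * math.log(2)))
    return m, k


def size_table(counts: List[int], fpps: List[float]) -> Dict[int, Dict[float, int]]:
    """Filter size in bytes for each (blacklisted sessions, FPP) pair."""
    return {n: {p: (bloom_params(n, p)[0] + 7) // 8 for p in fpps} for n in counts}


class BloomFilter:
    def __init__(self, n: int, p: float) -> None:
        self.m, self.k = bloom_params(n, p)
        self.bits = bytearray((self.m + 7) // 8)
        self.count = 0

    def _positions(self, item: str) -> Iterator[int]:
        # Kirsch-Mitzenmacher double hashing: k bit positions from one SHA-256.
        d = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return ((h1 + i * h2) % self.m for i in range(self.k))

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)
        self.count += 1

    def __contains__(self, item: str) -> bool:
        # "No" is always right; "yes" may be a false positive, never a false negative.
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))

    def expected_fpp(self) -> float:
        return (1 - math.exp(-self.k * self.count / self.m)) ** self.k


def measure_fpp(n: int, p: float, trials: int) -> float:
    """Fill a filter with n constructed session IDs, then probe `trials` unseen IDs."""
    bf = BloomFilter(n, p)
    for i in range(n):
        bf.add(f"sess-{i}")
    hits = sum(1 for i in range(trials) if f"never-{i}" in bf)
    return hits / trials


class ChainedBlacklist:
    """One Bloom filter per logout-time window.

    A token logged out in window [start, start + window) had at most `max_ttl`
    seconds left to live, so once start + window + max_ttl has passed the whole
    filter can be dropped: every token in it is rejected by its exp anyway.
    """

    def __init__(self, window: int, max_ttl: int, n_per_window: int, p: float) -> None:
        self.window, self.max_ttl, self.n, self.p = window, max_ttl, n_per_window, p
        self.chain: List[Tuple[int, BloomFilter]] = []  # (window start, filter)

    def logout(self, jti: str, now: int) -> None:
        start = now - now % self.window
        if not self.chain or self.chain[-1][0] != start:
            self.chain.append((start, BloomFilter(self.n, self.p)))
        self.chain[-1][1].add(jti)

    def expire(self, now: int) -> None:
        self.chain = [(s, f) for s, f in self.chain if s + self.window + self.max_ttl > now]

    def is_blacklisted(self, jti: str, now: int) -> bool:
        self.expire(now)
        return any(jti in f for _, f in self.chain)


if __name__ == "__main__":
    for n, row in size_table([10_000, 100_000, 1_000_000], [0.01, 0.001, 0.0001]).items():
        print(n, {p: f"{b / 1024:.0f} KiB" for p, b in row.items()})
    print("measured FPP at 1% target:", measure_fpp(10_000, 0.01, 100_000))
    bl = ChainedBlacklist(window=600, max_ttl=3600, n_per_window=1000, p=0.001)
    bl.logout("sess-1", now=1000)
    print(bl.is_blacklisted("sess-1", 1000), bl.is_blacklisted("sess-1", 4800))
```

The `max_ttl` bound is what makes chaining safe: a filter may only be discarded when the longest-lived token that could have been logged out in that window is itself past `exp`. Discarding earlier would turn a logged-out token back into a valid one; keeping filters longer only costs memory and raises the chance of a false positive, which for a blacklist means rejecting a legitimate session.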
- Why aren't all architectures stateless?
- Some things are very hard to do with stateless sessions, e.g. session quotas (limiting the number of concurrent sessions per user), dynamic session contents (changing session properties after the token has been issued), etc.
- Stateful vs Stateless depends on the use case.
- AM offers both models.