CodexBloom - Programming Q&A Platform

Challenges in Implementing OAuth 2.0 with JWT in C++ for Scalable Authentication

Views: 0 | Answers: 1 | Created: 2025-09-17
OAuth JWT C++ scalability cpprestsdk

I'm upgrading from an older version and I'm relatively new to this, so bear with me. I'm sure I'm missing something obvious here. Building an application that requires robust authentication, I decided to implement OAuth 2.0 with JSON Web Tokens (JWT). Given the need for scalability due to anticipated user growth, I am focusing on ensuring that the token validation process is both efficient and secure. I opted to use the `cpprestsdk` library for handling HTTP requests and the `jwt-cpp` library for JWT management. However, during implementation, I faced challenges with token expiration and refreshing, especially when scaling out to multiple microservices. Here's a simplified snippet of my current setup:

```cpp
#include <chrono>
#include <stdexcept>
#include <string>
#include <cpprest/http_client.h>
#include <jwt-cpp/jwt.h>

void validateToken(const std::string& token) {
    // jwt::decode only parses the token; it does not verify the signature.
    auto decoded = jwt::decode(token);
    // "exp" is in seconds since the Unix epoch, so compare it against the
    // current time in seconds, not the clock's native tick count.
    auto exp = decoded.get_payload_claim("exp").as_integer();
    auto now = std::chrono::duration_cast<std::chrono::seconds>(
                   std::chrono::system_clock::now().time_since_epoch()).count();
    if (exp < now) {
        throw std::runtime_error("Token expired");
    }
    // additional validation logic
}
```

In the application, I'm generating tokens with a validity period of one hour and attempting to refresh them using a separate endpoint. This has led me to consider how to manage refresh tokens securely, especially in a distributed environment. I've experimented with storing these refresh tokens in a central Redis cache to avoid issues with session persistence but am uncertain about the scalability of that approach.

Furthermore, I've run load tests to see how the system performs under high concurrency, which revealed potential bottlenecks in the token validation phase. I wonder if pre-validating tokens or using a caching mechanism to store previously validated tokens could alleviate some of the strain. Has anyone implemented a similar system and found effective patterns for handling token validation and refreshing in a scalable way?
Any insights on best practices or design patterns would be greatly appreciated. Thanks for any guidance you can provide! This is part of a larger API I'm building. What am I doing wrong? I'm on macOS using the latest version of C++. Has anyone dealt with something similar? Thanks, I really appreciate it!
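The caching idea raised in the question, as an added example (not the poster's code and not part of `jwt-cpp` or `cpprestsdk`): verification results are reused only until the token's `exp` or a short cap, whichever comes first, and rejected tokens are never cached. `ValidatedTokenCache` and `Verifier` are hypothetical names; the callback stands in for full signature and claim verification.

```cpp
#include <algorithm>
#include <cstdint>
#include <functional>
#include <mutex>
#include <string>
#include <unordered_map>
#include <utility>

// Hypothetical callback: performs full verification (signature, issuer,
// audience) and, on success, writes the token's "exp" (Unix seconds).
using Verifier = std::function<bool(const std::string& token, std::int64_t& exp)>;

class ValidatedTokenCache {
public:
    ValidatedTokenCache(Verifier v, std::int64_t max_cache_seconds)
        : verify_(std::move(v)), max_age_(max_cache_seconds) {}

    // True if the token is valid at time `now` (Unix seconds).
    bool is_valid(const std::string& token, std::int64_t now) {
        {
            std::lock_guard<std::mutex> lock(mu_);
            auto it = cache_.find(token);
            if (it != cache_.end()) {
                if (now < it->second) return true;  // fresh hit: skip the crypto
                cache_.erase(it);                   // stale: verify again below
            }
        }
        std::int64_t exp = 0;                       // slow path runs outside the lock
        if (!verify_(token, exp) || exp <= now) return false;  // failures are not cached
        std::lock_guard<std::mutex> lock(mu_);
        // Trust the result no longer than the token lives and no longer than
        // max_age_, so a revoked token or rotated key is re-checked soon.
        cache_[token] = std::min(exp, now + max_age_);
        return true;
    }

private:
    Verifier verify_;
    std::int64_t max_age_;
    std::mutex mu_;
    // Keyed by the full token, not a short hash, so a collision cannot
    // make an unverified token inherit another token's cached result.
    std::unordered_map<std::string, std::int64_t> cache_;  // token -> trust-until
};

int main() {
    // Constructed stub verifier: accepts one sample token expiring at t=1000.
    ValidatedTokenCache cache([](const std::string& t, std::int64_t& exp) -> bool {
        exp = 1000; return t == "sample.jwt.token"; }, 60);
    return cache.is_valid("sample.jwt.token", 100) ? 0 : 1;
}
```

Stale entries are dropped only when the same token is looked up again, so a long-running service would also need a periodic sweep or a size bound.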