Hello,

I'd like to fix all the async methods and ensure all async methods end with the suffix Async - I will also add a CancellationToken cancellationToken = default); wherever possible.

This will be a breaking change as it changes all of the existing Method names.

I suggest that we do (1) of (2) things:

Option 1: Create duplicate methods with the suffix Async then mark the existing methods as [Obsolete] Iterate the version of Revoke.NET from 2.0.1 to 2.1.0`

When it comes time to release 3.0.0 we will remove the [Obsolete] methods

This option is safer, but more painful for development reasons that are obvious.

Option 2: Iterate to version 3.0.0 with the new Suffix of Async - this will be a breaking change. Users who wish to stay on version 2.x.x can do so.

My thoughts are that this is a younger project, so probably not many users, I vote for Option 2

What do you think?

VERY cool project!! Its neat to see something so important and crucial implemented so nicely. This is a fantastic library and will become very popular as soon as more people learn about it.

I had a question about:

context => { /* create custom key selector from HttpContext */ },
response => { /* create a custom response to be sent when a request is revoked */  }

• Can you provide an example of the 'custom key selector'? Im not sure what you mean by this. Do you mean like add the Authorization: Bearer <token> key where Authorization is the key? How would this work?

• Why would anyone want to provide a custom response, is this an HTTP response? I'm not sure why the library will implement this, when the purpose of the library is to maintain a list of revoked keys. Can you please elaborate?

Thanks!

Hello!

I think this is a GREAT project, I see so many posts online about how to invalidate JWT tokens, and everyone seems to be a bit clueless.
I very much appreciate this library and would love to contribute.

Do you have a 'to-do' list, or 'roadmap' so that I can start making some pull requests?

Thanks!

Hello!

Quick question, can you briefly explain the differences between MemoryBlackList and MemoryCacheBlackList?

I have my assumptions about them, but would love for you to elaborate, I need a little clarity on the purpose of MemoryCacheBlackList and why there is a separate class from MemoryBlackList

Thanks

Hello,

I was exploring your library and caught an exception during runtime. I had forgot to configure the TimeSpan on the RevokeToken `IserviceCollectionMethod.

RevokeService.cs

    /// <summary>
    ///     Register default InMemory BlackList Store Service using <seealso cref="MemoryCacheBlackList" />
    /// </summary>
    /// <param name="services">The services</param>
    /// <param name="defaultTtl">The default ttl</param>
    /// <returns>The services</returns>
    public static IServiceCollection AddRevokeMemoryCacheStore(this IServiceCollection services, TimeSpan? defaultTtl = null)
    {
        services.TryAddSingleton<IBlackList>(provider => new MemoryCacheBlackList(provider.GetService<IMemoryCache>(), defaultTtl));

        return services;
    }

You know the library better than I do, are there any 'run-time' use-case configurations where defaultTtl will be null and this method will be called?

I understand that null is allowed for this method, however, when Revoke is called while null is configured for defaultTtl an exception is thrown similar to:

"message": "System.ArgumentOutOfRangeException: The added or subtracted value results in an un-representable DateTime. (Parameter 'value')\r\n   at System.DateTime.ThrowDateArithmetic(Int32 param)\r\n   at System.DateTime.AddTicks(Int64 value)\r\n   at System.DateTime.Add(TimeSpan value)\r\n   at Revoke.NET.MemoryBlackList.Revoke(String key)"

I would like to add a null check to ensure that an error is thrown on startup instead of runtime -- However, I am not sure if there is any reason why this will be marked as null during the startup.

Question

Is there any reason why a user will call this method below and be happy with a null value for TimeSpan?

// This or similar... note that the TimeSpan will be null
 services.AddRevokeInMemoryStore().AddJWTBearerTokenRevokeMiddleware();

Propose

• Option 1: Do nothing, there is a reason why it will be null, ignore it.

• Option 2: Add a null check that is thrown at runtime if the value is null.

• Option 3: Remove 'allowed null's for this method

• Option 4: Add a default value of XX Time in Days or Minutes

You know the library better than I do, what do you suggest?

Thanks