Skip to content
Vendidit Auth

RevocationCache

class Vendidit\AuthServer\Contracts\RevocationCache Source: src/Contracts/RevocationCache.php

Slim hot-path cache port for revocation lookups.

Two keys are owned by the Go auth-server and read by us:

  • auth:blacklist:{jti} — per-token revocation
  • auth:user_tv:{user_id} — per-user token-version

Implementations must fail-open: if the backend (Redis) is unreachable, silently return false / null. Matches the Go server’s NoOp fallback behaviour (auth-server CLAUDE.md gotcha #5).