Changes

==== People - Person - JSON Web Tokens (JWT) Session tokens ====Using JSON Web Tokens (JWT)session tokens, when the user logs out, the token is discarded by the client. However, if anyone keeps hold of the token, further API requests are still possible using said token until the token expires. In other words: a "log out" procedure doesn't really exist and can't be implemented properly. On the internet, most people mention a "revocation list" or a "black list" containing tokens which have been revoked. This makes the API stateful, because this token list must be stored somewhere. In our case, we store the JSON Web Tokens session tokens in a leaf beneath the person (as these tokens are personal).

Below each person entry, we have a toke sub tree, which stores the JSON Web Tokenssession tokens:

Each JSON Web Token (JWT) receives its own child-entry to store additional meta data, such as the token's create date, last utilisation date, ... In the example below, the JSON Web Token session token <code>sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4</code> has towas created on the 13th of April 2021 at 08:10:27 UTC (<code>sstCreationDate: 20210413T081027Z</code>) and two clients have used this token (the first with an IPv4 address, the second with an IPv6 address):