Changes
/* People - Person - JSON Web Tokens (JWT) */
==== People - Person - JSON Web Tokens (JWT) ====
Using JSON Web Tokens (JWT), when the user logs out, the token is discarded by the client. However, if anyone keeps hold of the token, further API requests are still possible using said token until the token expires. In other words: a "log out" procedure doesn't really exist and can't be implemented properly. On the internet, most people mention a "revocation list" or a "black list" containing tokens which have been revoked. This makes the API stateful, because this token list must be stored somewhere. In our case, we store the JSON Web Tokens in a leaf beneath the person (as these tokens are personal).
Below each person entry, we have
In the example below, the JSON Web Token <code>sstToken=2e211493-41e6-4c74-9431-b5d990b177a4</code> points to virtual machine with the b543f88f-dffe-426f-86d3-c7ff85c16d2a and the uid: 1234567.
<source lang='ldif'>
</source>
==== People - Person - Roles (LEGACY) ====
