Change JTI to use UUIDv7 #943
Description
Currently, the token blacklist app utilizes jti for blacklisted token lookups. The jti is a claim in the token with a uuidv4 as the value. UUIDv7 is a temporal UUID that is lexicographically sortable. Today, the blacklist app struggles in performance in three ways:
- There is no index set on jti column in the OutstandingToken column
- A b tree index on a uuidv4 would cause poor performance on each row insertion. Though tangential since it doesn't apply to SimpleJWT, without the index (which doesn't currently exist), each lookup of an OutstandingToken results in a full table scan; even with an index, there is no index locality, so, if you do a range scan, because of the lack of locality, the index is somewhat useless
- We don't use database native UUID attribute types. We should migrate away from char based columns to save storage.
I'm not sure if anyone created a custom jti. Please let me know if you want to keep the jti column to be char based for custom jti values.
3 is not necessarily needed. If we skip point 3, adding an index to jti and switching to UUIDv7 would require no change from the user's perspective.
If we want to tackle 3, would love to know if anyone has ideas on how to migrate the column type without down time.