Open
Labels
feat: New feature or request.
Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe your problem
Currently, converting a session to a JWT is supported. But as everyone knows, due to the stateless nature of JWTs, session revocation before the JWT expires might not be possible to enforce, thus making it less secure.
Describe your ideal solution
It is possible for the revocation to be handled by the validator of the JWT. For example, the KrakenD API gateway has a way to track JWTs that have been revoked using their bloom filter. This scenario can be supported by adding a logout action so that the revoked session is notified to an outside system.
Workarounds or alternatives
Not using JWTs, or periodically checking the JWT with Kratos.
Version
1.3.1
Additional Context
No response
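The validator-side check described in this issue, sketched as an added example (not part of the original issue, and not Kratos or KrakenD code): a Bloom filter of revoked session IDs that a logout notification populates and a JWT validator consults. The type and method names, the `confirm` callback and the session IDs are assumptions, as is the JWT carrying the session ID in a claim.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// RevocationFilter is a Bloom filter over revoked session IDs (false positives possible, never false negatives).
type RevocationFilter struct {
	bits []uint64 // 64 filter bits per word
	k    uint64   // probes per session ID
}

// bit returns the word index and mask of probe i (double hashing over one SHA-256 digest).
func (f *RevocationFilter) bit(id string, i uint64) (word, mask uint64) {
	sum := sha256.Sum256([]byte(id))
	h1, h2 := binary.BigEndian.Uint64(sum[:8]), binary.BigEndian.Uint64(sum[8:16])|1
	p := (h1 + i*h2) % uint64(64*len(f.bits))
	return p / 64, 1 << (p % 64)
}

// Revoke is what a logout notification (the hook this issue asks for) would call.
func (f *RevocationFilter) Revoke(id string) {
	for i := uint64(0); i < f.k; i++ {
		w, mask := f.bit(id, i)
		f.bits[w] |= mask
	}
}

// MaybeRevoked reports whether every probe bit for id is set.
func (f *RevocationFilter) MaybeRevoked(id string) bool {
	for i := uint64(0); i < f.k; i++ {
		if w, mask := f.bit(id, i); f.bits[w]&mask == 0 {
			return false
		}
	}
	return true
}

// Validate runs after signature checks; only a filter hit (possibly a false positive) asks confirm, a hypothetical session lookup.
func (f *RevocationFilter) Validate(id string, exp, now int64, confirm func(string) bool) bool {
	return now < exp && (!f.MaybeRevoked(id) || confirm(id))
}

func main() {
	f := &RevocationFilter{bits: make([]uint64, 1024), k: 4}
	f.Revoke("sess-1") // constructed session ID
	fmt.Println(f.Validate("sess-1", 200, 100, func(string) bool { return false }))
}
```

A filter miss is authoritative, so the common case needs no round trip; only hits fall back to the periodic-check workaround listed above.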