Revoke authentication

We have been very impressed by the Xano system and community. We're running into a small question we can't seem to find the best answer for.

Our proof of concept uses the authentication token to validate interactions between the frontend (Postman for now) and the backend. All is great and happy.

Now we're running into the situation that we have a logged-in user communicating with secure endpoints using the authentication token. How would we revoke that user's access to the API if he gets fired from his job? Waiting for the authentication token to expire leaves quite a big gap in security. Running a check on all API endpoints via a custom function to check if the user login is still valid adds overhead.

How would you deal with a challenge like this?
