Question
Design a token revocation system for a B2B SaaS issuing stateless JWT access tokens (15-min TTL) to ~50M daily active users across 12 edge regions. Security wants the ability to revoke a specific session immediately (admin logs out a device, account compromise) and to force-logout an entire tenant on breach. The catch: access tokens are validated at the edge with zero round-trips to a central service in the common case. Walk through how you'd reconcile 'stateless, fast, no DB hit' with 'revocable in <30s globally'. Cover the access/refresh split, latency, and the failure mode when the revocation store is unreachable.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
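One possible shape for the edge-side check the question asks about, added here as an illustration and not part of the original question: each edge node keeps a local replica of a revocation feed and decides with no network call. The claim names `sid` and `tenant`, the event format, the heartbeat and the `fail_closed` policy switch are assumptions of this sketch; it also assumes the refresh token is revoked centrally, so no new access token is minted for a revoked session.

```python
from dataclasses import dataclass, field
TOKEN_TTL = 15 * 60      # access-token lifetime from the question, seconds
STALENESS_BUDGET = 30    # revocations must be visible within 30 s

@dataclass
class EdgeRevocationCache:
    """Per-edge replica of a revocation feed (hypothetical design)."""
    revoked_sids: dict = field(default_factory=dict)       # sid -> revoked_at
    tenant_not_before: dict = field(default_factory=dict)  # tenant -> cut-off
    synced_at: float = 0.0    # last event or heartbeat received
    fail_closed: bool = True  # policy when the feed goes quiet

    def apply(self, event: dict, now: float) -> None:
        """Apply one feed event; a heartbeat only refreshes synced_at."""
        if event["type"] == "session":
            self.revoked_sids[event["sid"]] = event["at"]
        elif event["type"] == "tenant":
            prev = self.tenant_not_before.get(event["tenant"], 0)
            self.tenant_not_before[event["tenant"]] = max(prev, event["at"])
        self.synced_at = now
        # A session revoked more than one TTL ago has no live access token.
        self.revoked_sids = {s: t for s, t in self.revoked_sids.items()
                             if t >= now - TOKEN_TTL}

    def check(self, claims: dict, now: float) -> str:
        """Decide on signature-verified claims without any network call."""
        if now >= claims["exp"]:
            return "deny:expired"
        if claims["sid"] in self.revoked_sids:
            return "deny:session_revoked"
        # Tenant force-logout: reject tokens minted at or before the cut-off.
        if claims["iat"] <= self.tenant_not_before.get(claims["tenant"], 0):
            return "deny:tenant_revoked"
        if now - self.synced_at > STALENESS_BUDGET:
            return "deny:feed_stale" if self.fail_closed else "allow:degraded"
        return "allow"

def demo() -> list:
    """Constructed timeline; times are seconds on an arbitrary clock."""
    cache = EdgeRevocationCache()
    tok = {"sid": "s1", "tenant": "acme", "iat": 1000, "exp": 1000 + TOKEN_TTL}
    cache.apply({"type": "heartbeat"}, now=1005)
    out = [cache.check(tok, now=1010)]
    cache.apply({"type": "session", "sid": "s1", "at": 1020}, now=1021)
    out.append(cache.check(tok, now=1022))
    cache.apply({"type": "tenant", "tenant": "acme", "at": 1030}, now=1031)
    out.append(cache.check(dict(tok, sid="s2"), now=1032))
    out.append(cache.check(dict(tok, sid="s3", iat=1040, exp=1940), now=1100))
    return out
```

The last check in `demo()` shows the unreachable-store case: the token itself is clean, but the replica has heard nothing for longer than the budget, so the outcome depends entirely on the `fail_closed` choice.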