Revocation

A PINT can be invalidated before its exp. When that happens, every JWT ever issued against that PINT becomes invalid regardless of the JWT’s own expiry. Revocation is the mechanism that closes the gap between “the user changed their mind” and “the user’s token expires.”

What triggers revocation

  • User revokes from the Sumvin app — for example, revoking consent for a previously-granted scope.
  • System revokes on policy violation — KYC regression, Safe compromise signal, anomalous activity.

Revocation applies at the PINT level, not at the individual JWT level. One revoked PINT invalidates every JWT in circulation that was exchanged from it.

How a verifier checks

GET /v0/sis/pint/{pint_id}/status

The response carries the PINT’s current status. If the status is not active (for example, revoked), treat the inbound JWT as invalid regardless of its own exp.

When to check

Every verifier picks between two strategies:
Strategy      | When to check                                | Trade-off
Always-check  | Per request                                  | Strictest; adds a round-trip per request
Lazy-check    | On cache miss or for sensitive actions only  | Cheaper; narrows the window in which a revoked PINT can still be used
Lazy-check is common for read-only Standard-tier scopes. Always-check is the right choice for any Enhanced-tier action — the value of verifying the Safe signature is diluted if you don’t also check revocation.
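The verifier flow above (status lookup, then always-check versus lazy-check by scope tier) as an added example; this is not the project's own code. It assumes a `pint_id` claim and a `scope` claim in the decoded JWT, a status response that reduces to a status string such as "active" or "revoked", and a hypothetical scope name standing for the Enhanced tier; the status endpoint is replaced by an in-memory stand-in so it runs offline.

```python
import time
from typing import Callable, Dict, Tuple

ENHANCED_SCOPES = frozenset({"enhanced:transfer"})  # hypothetical scope name; real names not on the page

class PintRevocationChecker:
    """Wraps GET /v0/sis/pint/{pint_id}/status (response field/shape assumed) with a TTL cache."""

    def __init__(self, fetch_status: Callable[[str], str], cache_ttl: float = 60.0,
                 now: Callable[[], float] = time.time) -> None:
        self.fetch_status, self.cache_ttl, self.now = fetch_status, cache_ttl, now
        self._cache: Dict[str, Tuple[str, float]] = {}  # pint_id -> (status, fetched_at)

    def status(self, pint_id: str, always_check: bool) -> str:
        cached = self._cache.get(pint_id)
        fresh = cached is not None and self.now() - cached[1] < self.cache_ttl
        if always_check or not fresh:  # always-check never trusts the cache
            st = self.fetch_status(pint_id)
            self._cache[pint_id] = (st, self.now())
            return st
        return cached[0]

def verify(claims: Dict, checker: PintRevocationChecker, now: float) -> bool:
    """Accept decoded claims only if exp is in the future AND the PINT is active ('pint_id'/'scope' claim names assumed)."""
    if claims.get("exp", 0) <= now:
        return False
    always_check = bool(set(claims.get("scope", "").split()) & ENHANCED_SCOPES)
    return checker.status(claims["pint_id"], always_check) == "active"

def demo() -> Dict[str, object]:
    """Constructed scenario: two PINTs, a 60 s lazy cache, and a revocation mid-run."""
    registry = {"pint-A": "active", "pint-B": "revoked"}  # stands in for the status endpoint
    calls, clock = [], [1_000_000.0]
    def fake_fetch(pint_id: str) -> str:
        calls.append(pint_id)
        return registry.get(pint_id, "unknown")
    checker = PintRevocationChecker(fake_fetch, cache_ttl=60.0, now=lambda: clock[0])
    exp = clock[0] + 3600
    read_a = {"pint_id": "pint-A", "exp": exp, "scope": "standard:read"}
    enh_a = {"pint_id": "pint-A", "exp": exp, "scope": "enhanced:transfer"}
    read_b = {"pint_id": "pint-B", "exp": exp, "scope": "standard:read"}
    out = {"lazy_miss": verify(read_a, checker, clock[0]),  # cache miss -> endpoint call
           "lazy_hit": verify(read_a, checker, clock[0])}   # served from cache, no call
    out["calls_after_lazy"] = len(calls)                     # 1
    out["enhanced"] = verify(enh_a, checker, clock[0])       # always-check -> 2nd call
    registry["pint-A"] = "revoked"                           # user revokes pint-A
    out["stale_window"] = verify(read_a, checker, clock[0])  # lazy cache still says active
    clock[0] += 61
    out["after_ttl"] = verify(read_a, checker, clock[0])     # cache expired: revocation seen
    out["revoked_pint"] = verify(read_b, checker, clock[0])  # invalid despite future exp
    return out
```

The `stale_window` result is the window the table refers to: a lazy-check verifier keeps accepting a revoked PINT until its cache entry expires, which is why Enhanced-tier scopes bypass the cache.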
