How to implement method "revokeTokens()"

Hi People,

How to implement Auth’s “revokeTokens()” method in my application? I need the token to automatically expire after 8 minutes. What would be the correct practice for this? Create a job to delete old tokens?

Just create a table where you set a time expire token. Create a table like user_token where user_id, token, token, is_expired. After that create a job where all token times expire after 8 day, just it. At the end checker the field is_expired is actually expired or not and then return any message.

1 Like

Hi @odirleiborgert

Little late to party, but in case you use JWT, you can add exp to it, then there is no need to do DB queries (half the point of JWT)

You just have to configure expiresIn for it in config/auth.js
Auth JWT doc

Set expiresIn to 480000 (8 minutes in milliseconds)

1 Like

Hi @McSneaky I include the expiresIn 480000, however it does not work that way, it simply is not expiring the token.

jwt: {
    serializer: 'lucid',
    model: 'App/Models/User',
    scheme: 'jwt',
    uid: 'email',
    password: 'password',
    options: {
      secret: Env.get('APP_KEY'),
      expiresIn: 480000

@odirleiborgert do you use JWT as your login authenticator? Can you check authenticator property in your auth.js config file?

Hi @ozziest

authenticator: ‘jwt’,

When you use JWT as your authenticator and giving an expire time, it means that when a request has been sent by user with an expired token, middleware will throw an error. You don’t have to delete old tokens. Also you can’t delete old tokens if you use JWT. Because you don’t have to store tokens in your database when you use JWT. After JWT token creation, just you give it to user. Onyl the user is side who stores the token.


Hi @odirleiborgert

What kind of authenticator are you using? (config/auth.js -> authenticator)

1 Like

I think I’ve identified the problem …
480000 should be milliseconds, however the behavior is as it is being 480000 seconds … so I changed to 480 seconds which equals 8 minutes



I missread that part of documentation " Valid time in seconds or ms string" seemed like time in MS… But actually it is “8m”, “1h”, etc…

And default is seconds