JWT revoke token


Hi !

I need to implement a logout method for JWT. The only way I have read about is:

await auth.check()
const user = await auth.getUser()
await user
.where('type', 'jwt_refresh_token')
.update({ is_revoked: 1 }) 

It works in the database, but the token is still active for subsequent requests :confused:

Any idea?




I believe the best way to log out a JWT token would be to remove it from the client side.

That is, if you save the token in localStorage, simply remove it from localStorage and this will log out the user.

To get a new token, simply log the user in again.


You could also store it in a cache with the token validity as the duration and add a blacklist middleware.
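
The cache-backed denylist suggested above, as an added example that is not part of the original posts or of any framework's code: marking the refresh token revoked in the database does not touch an access token that was already issued, because its signature and `exp` are verified without any lookup, so the per-request check has to consult a revocation list. The names `issue`, `revoke`, `authenticate` and `SECRET` are hypothetical, and an in-memory `Map` stands in for the cache.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, not a real key
const b64u = (s) => Buffer.from(s).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issue an HS256 token carrying a unique id (jti) so it can be revoked individually.
function issue(sub, ttlSec, now) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub, jti: crypto.randomUUID(), exp: now + ttlSec }));
  return `${head}.${body}.${hmac(`${head}.${body}`)}`;
}

// Return the claims only when the signature matches, otherwise null.
function decodeVerified(token) {
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) return null;
  const expected = Buffer.from(hmac(`${head}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(body, 'base64url').toString());
}

// Stand-in for a cache (assumption): jti -> exp, kept only while the token could still be valid.
const denylist = new Map();

// Logout: record the token's jti until its own expiry time.
function revoke(token) {
  const claims = decodeVerified(token);
  if (claims) denylist.set(claims.jti, claims.exp);
  return claims !== null;
}

// The check a middleware would run on every request.
function authenticate(token, now) {
  const claims = decodeVerified(token);
  if (!claims) return { ok: false, reason: 'bad signature' };
  if (claims.exp <= now) return { ok: false, reason: 'expired' };
  // Mimic cache TTL: drop entries whose tokens have expired anyway.
  for (const [jti, exp] of denylist) if (exp <= now) denylist.delete(jti);
  if (denylist.has(claims.jti)) return { ok: false, reason: 'revoked' };
  return { ok: true, sub: claims.sub };
}
```

Because each entry lives only as long as the token it names, the list stays bounded by the number of tokens revoked within one validity window.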


Hey :wave:

Please do a little bit of searching before creating a new question.
This has been answered many times.