JWT revoke token


#1

Hi!

I need to implement a logout method for JWT. The only way I read is:

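```js
// Verify the JWT sent with the request
await auth.check()
const user = await auth.getUser()
// Flag the user's stored refresh tokens as revoked in the database
await user
  .tokens()
  .where('type', 'jwt_refresh_token')
  .update({ is_revoked: 1 })
```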

It works in the database, but the token is still active for the next requests :confused:

Any idea?

Thanks,

Sam


#2

I believe the best way to log out a JWT token would be to remove it from the client side.

That is, if you save the token in localStorage, simply remove it from localStorage and this will log out the user.

To get a new token, simply log the user in again.


#3

You could also store it in cache with the token validity as duration and add a blacklisted middleware.
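
The cache-backed blacklist described in #3, as an added example that is not part of the original thread or of any framework's own code. It is framework-neutral: a `Map` stands in for the cache, `TokenDenylist`, `denylistGuard` and `makeSampleToken` are hypothetical names, and the token's signature is assumed to have been verified before the guard runs.

```javascript
// Added example. A Map stands in for a shared cache such as Redis.
class TokenDenylist {
  constructor (now = () => Math.floor(Date.now() / 1000)) {
    this.now = now // injectable clock, Unix seconds
    this.entries = new Map() // token key -> expiry (Unix seconds)
  }

  // Decode claims of a token whose signature was ALREADY verified upstream.
  static claims (token) {
    const part = (token.split('.')[1] || '').replace(/-/g, '+').replace(/_/g, '/')
    return JSON.parse(Buffer.from(part, 'base64').toString('utf8'))
  }

  // Prefer the jti claim as key; fall back to the whole token string.
  static key (token) {
    return TokenDenylist.claims(token).jti || token
  }

  // Called on logout: remember the token only until it would expire anyway.
  revoke (token) {
    const { exp } = TokenDenylist.claims(token)
    if (typeof exp !== 'number') throw new Error('no exp claim: entry would never expire')
    if (exp > this.now()) this.entries.set(TokenDenylist.key(token), exp)
  }

  isRevoked (token) {
    const key = TokenDenylist.key(token)
    const exp = this.entries.get(key)
    if (exp === undefined) return false
    if (exp > this.now()) return true
    this.entries.delete(key) // past exp: normal verification rejects it now
    return false
  }
}

// Guard to run after signature verification and before the route handler.
function denylistGuard (denylist) {
  return (token, next) =>
    denylist.isRevoked(token) ? { status: 401, body: 'token revoked' } : next()
}

// Constructed, unsigned sample token for the demonstration only.
function makeSampleToken (claims) {
  const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
  return `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(claims)}.constructed`
}
```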


#4

Hey :wave:

Please do a little bit of searching before creating a new question.
This has been answered many times.