Method revokeTokens not working

I’ve created this method to return a JWT token:

async signIn({ request, auth }) {
    const data = request.only(['email', 'password'])

    const token = await auth.withRefreshToken().attempt(data.email, data.password)

    return token
}

And I got the following response:

{
    "type": "bearer",
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOjEsImlhdCI6MTU2NjIzMjk5MCwiZXhwIjoxNTY2MjM0NzkwfQ.ZJxV43EttbuThJCVL_EAGkBmV94L8UHcADRA721v8Sg",
    "refreshToken": "24ee99f85f8fb5f3300a5cf92198eb94IcXJbXqpVzmEbPKkW5EN7VWLQwbJOlIz9suajOxuXDQBLqq+wp192poMhWiXYZj6"
}

Now I want to revoke the refreshToken. I’ve tried to do the same as described in the docs, but nothing is happening :frowning:

async signOut({ request, auth }) {
    try{
        const data = request.only('refresh_token')

        console.log('refreshToken:', data)

        const revokeTokensResponse = await auth.authenticator('jwt').revokeTokens([data.refresh_token])

        console.log('nothing happens:', revokeTokensResponse)

        return revokeTokensResponse
    } catch (error) {
        console.log('error:', error);
    }
}

Text printed in the console:

Tokens table after calling the signOut method:

What did I do wrong? :thinking:


I may be getting old and this may be a silly question - but is there a refresh_token in your data? It looks different in the image. Would you not use [data['refresh token']] for the revocation?

To me it seems like your refresh token in database and the one you are about to delete are different.

Are you sure you are deleting the right one?

No. As you can see in the console image, it shows the refresh_token when I call the console.log on the line below:

Exactly. That’s the problem. But it’s not my error, I checked several times. So either the documentation is wrong (incomplete) or there is a bug in the framework.

Solution:

I was able to solve the problem by decrypting the token and deleting it manually:

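// At the top of the controller file (AdonisJS IoC bindings; the Token model path is assumed to be the default one):
const Encryption = use('Encryption')
const Token = use('App/Models/Token')

async signOut({ request, response }) {
    // The client sends the encrypted refresh token in a header
    const refreshToken = request.header('refresh-token')

    // The tokens table is queried with the decrypted value
    const decryptedToken = Encryption.decrypt(refreshToken)

    await Token.query().where('token', decryptedToken).delete()

    return response.ok()
}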

Note: I created the solution based on issues already reported on GitHub, like this one:

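Why the first signOut matched nothing while the manual fix did, as an added example that is not code from the thread or from AdonisJS. It assumes, as the fix implies, that the client holds an encrypted form of the value stored in the tokens table; the encrypt/decrypt helpers, the in-memory table and all function names are constructed stand-ins.

```javascript
const crypto = require('crypto')

// Stand-in for the framework's Encryption provider (assumption: AES-256-GCM
// with a random IV, so the client value never equals the stored value).
const KEY = crypto.randomBytes(32)

function encrypt (plain) {
  const iv = crypto.randomBytes(12)
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv)
  const body = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()])
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64')
}

function decrypt (sealed) {
  try {
    const raw = Buffer.from(String(sealed), 'base64')
    const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12))
    decipher.setAuthTag(raw.subarray(12, 28))
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8')
  } catch (_) {
    return null // tampered, truncated or foreign value
  }
}

// Constructed token table: the server keeps the plain value, the client
// only ever receives the encrypted form.
function issueRefreshToken (table, userId) {
  const plain = crypto.randomBytes(16).toString('hex')
  table.push({ user_id: userId, token: plain, type: 'jwt_refresh_token' })
  return encrypt(plain)
}

function removeWhere (table, match) {
  const before = table.length
  for (let i = table.length - 1; i >= 0; i--) if (match(table[i])) table.splice(i, 1)
  return before - table.length
}

// Lookup with the raw client value, as in the first signOut: never matches.
function revokeRaw (table, clientToken) {
  return removeWhere(table, row => row.token === clientToken)
}

// Decrypt first, as in the accepted fix; a value that fails to decrypt revokes nothing.
function revokeDecrypted (table, clientToken) {
  const plain = decrypt(clientToken)
  if (plain === null) return 0
  return removeWhere(table, row => row.token === plain && row.type === 'jwt_refresh_token')
}
```

Both revoke functions return the number of rows removed, so a sign-out handler can log or alert on a revocation that removed nothing instead of silently reporting success.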