Revoke current Api Token

Hello, I’m trying to do token revocation according to documentation, but it happens that when the user logs in the token that is saved is different from what is generated for it.

  • Login:
async login ({ request, response, auth }) {
  const { email, password } = request.all()
  const token = await auth.withRefreshToken().attempt(email, password)

  return response.status(200).json(token)
  • Return login:
  "type": "bearer",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOjIsImlhdCI6MTUxNjY1NjkxMCwiZXhwIjoxNTE2ODI5NzEwfQ.83UbVJEkGNfrQvI6aUuCNQOTAmJnyygfhll3e_P5EwI",
  "refreshToken": "7d11c6560519d52afa81d70d77e2c50723fcbeab65b862d235ce2f9f3c3c04b9b54af7d3e81fae04fcac838fd87736642QzAIHpDUeBNfoW2gdr6LO/1SamgKoE75w96MoB/EYHJ/mw4+VMpCFduMeB3skC9"

How is being saved in the DB is attached!

So I can never find the token that the user is passing me making it impossible to make any changes (delete or update).

Read this

1 Like

@duducp You enabled JWT as auth type.

Yes, I enabled JWT as the authentication type. In this case if the JWT token can not be saved in Mysql, but can I disable this option to not save in DB as soon as the user logs in?

Viewing the link topic, my code looks like this:

const Encryption = use('Encryption')

const token = auth.getAuthHeader()

const decrypted = Encryption.decrypt(token)

What happens is that the decrypted variable is returning me null. The token variable returns me the token correctly.

Then the token is invalid

Actually it is wrong, because I was passing the token itself being that the correct one is to pass the refresh token.