AdonisJS Framework
revokeTokensForUser Not working #1501
Replies: 1 comment 4 replies
-
|
JWTs can't be revoked, that's the point of JWTs :) They are totally stateless, once they are generated they can't be revoked |
Beta Was this translation helpful? Give feedback.
-
Huum... how could I add more security to them? for example a jwt that is not "eternal"? for example, my site has a logout that delete the token from the cookie but if the user save it he can use it after that. |
Beta Was this translation helpful? Give feedback.
-
|
you can specify the expireIn for jwt's. |
Beta Was this translation helpful? Give feedback.
-
|
Got it... but them the user should login again right? |
Beta Was this translation helpful? Give feedback.
-
|
Yes, after the user jwt expires, the front-end should have some sort of logic to check for the expiresIn or catch the API's exception in order to prompt the user to login again. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi guys
I'm loggin a user doing this.
const token = await auth.attempt(user.email, password, { user })then I catch the token and set on postman as a bearer token
then when I try to revoke it doing this
const user = await User.findOrFail(auth.user.id)await auth.authenticator('jwt').revokeTokensForUser(user)The token stil working, what I'm doing wrong?
Beta Was this translation helpful? Give feedback.
All reactions