Does logout invalidate JWTs? #5075
alfonso-paella asked this question in Help (Unanswered)
Replies: 0 comments
Hi folks. Typically in other auth libraries, when a user logs out, their credentials stop working after a few minutes.
For example, if you use refresh + access tokens, access tokens tend to expire in 30 min to an hour, and a user logging out prevents the refresh token from being able to mint new access tokens.
Does NextAuth have similar functionality? From all I can see, if a user logs out, their JWT continues to work for whatever the session expiration was (default seems to be 30 days). Am I understanding things properly? If so, is there a recommended way to expire JWTs when a user logs out?
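The refresh + access token pattern the question describes, as an added sketch that is not part of the original post and is not NextAuth's API: logout removes server-side refresh state, while an access token that was already issued keeps verifying until its `exp`. All function names, the in-memory `Map`, and the HS256 signing via Node's `crypto` module are assumptions made for illustration.

```javascript
// Added example: generic access/refresh token pattern. Names are hypothetical.
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32);   // constructed signing key
const ACCESS_TTL_S = 30 * 60;            // 30 minutes, the lower bound mentioned in the post
const refreshStore = new Map();          // sha256(refresh token) -> user id (server-side state)

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sign = (data) => crypto.createHmac("sha256", SECRET).update(data).digest("base64url");
const hash = (t) => crypto.createHash("sha256").update(t).digest("hex");

// Mint a compact HS256 JWT carrying only sub and exp.
function mintAccess(sub, now) {
  const body = `${b64({ alg: "HS256", typ: "JWT" })}.${b64({ sub, exp: now + ACCESS_TTL_S })}`;
  return `${body}.${sign(body)}`;
}

// Stateless check: signature and expiry only. Returns the subject or null.
// The header's alg is never consulted; verification is always HS256.
function verifyAccess(token, now) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const expected = Buffer.from(sign(`${parts[0]}.${parts[1]}`));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(parts[1], "base64url").toString()); } catch { return null; }
  return typeof claims.exp === "number" && now < claims.exp ? claims.sub : null;
}

function login(sub, now) {
  const refresh = crypto.randomBytes(32).toString("base64url"); // opaque token, only its hash is stored
  refreshStore.set(hash(refresh), sub);
  return { access: mintAccess(sub, now), refresh };
}

// Refresh succeeds only while the refresh token's hash is still in the store.
function refreshAccess(refresh, now) {
  const sub = refreshStore.get(hash(refresh));
  return sub === undefined ? null : mintAccess(sub, now);
}

// Logout deletes server-side state; it cannot reach access tokens already issued.
function logout(refresh) {
  return refreshStore.delete(hash(refresh));
}
```

With this design the exposure after logout is bounded by `ACCESS_TTL_S`; a single stateless JWT with a 30-day expiry has no equivalent server-side state for logout to remove.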