You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+5-1Lines changed: 5 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -306,7 +306,10 @@ export class BearerTokenVerifyProvider
306
306
) {}
307
307
308
308
value():VerifyFunction.BearerFn {
309
-
returnasync (token) => {
309
+
returnasynctoken=> {
310
+
if (token&& (awaitthis.revokedTokenRepository.get(token))) {
311
+
thrownewHttpErrors.Unauthorized('Token Revoked');
312
+
}
310
313
const user =verify(token, process.env.JWT_SECRETasstring, {
311
314
issuer: process.env.JWT_ISSUER,
312
315
}) asUser;
@@ -315,6 +318,7 @@ export class BearerTokenVerifyProvider
315
318
}
316
319
}
317
320
```
321
+
The above example has an import and injection of a RevokedTokenRepository, which could be used to keep track of revoked tokens in a datasource like Redis. You can find an implementation of this repository [here](https://github.com/sourcefuse/loopback4-starter/blob/master/src/repositories/revoked-token.repository.ts) and the Redis datasource [here](https://github.com/sourcefuse/loopback4-starter/blob/master/src/datasources/redis.datasource.ts).
318
322
319
323
Please note the Verify function type _VerifyFunction.BearerFn_
0 commit comments