AdonisJS Framework
revokeTokensForUser Not working #1501
Replies: 1 comment 4 replies
-
|
JWTs can't be revoked, that's the point of JWTs :) They are totally stateless, once they are generated they can't be revoked |
Beta Was this translation helpful? Give feedback.
-
Huum... how could I add more security to them? for example a jwt that is not "eternal"? for example, my site has a logout that delete the token from the cookie but if the user save it he can use it after that. |
Beta Was this translation helpful? Give feedback.
-
|
you can specify the expireIn for jwt's. |
Beta Was this translation helpful? Give feedback.
-
|
Got it... but them the user should login again right? |
Beta Was this translation helpful? Give feedback.
-
|
Yes, after the user jwt expires, the front-end should have some sort of logic to check for the expiresIn or catch the API's exception in order to prompt the user to login again. |
Beta Was this translation helpful? Give feedback.
-
Hi guys
I'm loggin a user doing this.
const token = await auth.attempt(user.email, password, { user })then I catch the token and set on postman as a bearer token
then when I try to revoke it doing this
const user = await User.findOrFail(auth.user.id)await auth.authenticator('jwt').revokeTokensForUser(user)The token stil working, what I'm doing wrong?
Beta Was this translation helpful? Give feedback.
All reactions