Reputation: 181
I am currently making a "forgot password" feature for my project. I'm attaching a JWT to the end of the reset-password link that expires after 10 minutes. But I also want that link to only be used once (right after they reset their password). At first I figured I would just update the token expiration once they update their password (stupid), but once I did that, I realized that the token wouldn't update their URL or the URL in their email! So I'm just wondering if anybody knows of a way to create a single-use JWT. Hopefully I gave enough information on what I'm looking for. If not, feel free to ask me to expound. Thanks in advance!
Upvotes: 1
Views: 2879
Reputation: 382
You could store the date/time of the last time a password change was made by the user in the DB with their record. If the last password change time/date is greater than the time at which the token was created, return false for the function. Sure, you have to add a little logic, but it shouldn't be difficult or extensive. There are better ways to do this which involve refresh tokens and so forth, but this seems like a simple fix given the problem.
Upvotes: 4
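The approach in the answer above, worked through as an added example (this is not code from the asker or the answerer): the reset token carries its issue time in the standard `iat` claim, and verification rejects it once the user's stored `password_changed_at` is at or after that time, so the first successful reset invalidates the link without any per-token state. Everything here is an assumption for illustration: timestamps are integer epoch seconds, the user record is a plain dict with a hypothetical `password_changed_at` field, and HS256 signing is implemented with the standard library so the example runs offline (a real project would use its JWT library). The comparison uses "at or after" rather than strictly "after" to close the one-second window that integer timestamps would otherwise leave open.

```python
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_reset_token(user_id: str, secret: bytes, now: int, ttl_seconds: int = 600) -> str:
    """Mint an HS256 JWT for a password reset. `iat` is the claim the
    verifier later compares against the user's last password change."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "iat": now, "exp": now + ttl_seconds, "purpose": "pwreset"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_reset_token(token: str, secret: bytes, now: int, last_password_change):
    """Return the user id if the token is valid, otherwise None.

    A token is rejected when its signature is bad, it has expired, it was
    minted for another purpose, or the account's password was changed at or
    after the token was issued (the single-use property from the answer).
    """
    try:
        h, p, s = token.split(".")
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        header = json.loads(_b64url_decode(h))
        payload = json.loads(_b64url_decode(p))
    except (ValueError, TypeError):
        return None
    if header.get("alg") != "HS256" or payload.get("purpose") != "pwreset":
        return None
    if now >= payload["exp"]:
        return None  # past the 10-minute lifetime
    # Any password change at or after issuance invalidates this token.
    if last_password_change is not None and last_password_change >= payload["iat"]:
        return None
    return payload["sub"]


def reset_password(users: dict, token: str, secret: bytes, now: int) -> bool:
    """Consume a reset token. Updating `password_changed_at` to `now` is what
    makes the same token fail on a second attempt."""
    # Look up the user from the token's subject before trusting it further.
    subject = token.split(".")[1] if token.count(".") == 2 else ""
    try:
        user_id = json.loads(_b64url_decode(subject)).get("sub")
    except (ValueError, TypeError):
        return False
    record = users.get(user_id)
    if record is None:
        return False
    if verify_reset_token(token, secret, now, record.get("password_changed_at")) is None:
        return False
    # Real code would also store the new password hash here.
    record["password_changed_at"] = now
    return True


if __name__ == "__main__":
    SECRET = b"constructed-example-secret"          # constructed sample key
    users = {"alice": {"password_changed_at": 900}}  # constructed sample record
    tok = make_reset_token("alice", SECRET, now=1000)
    print("first reset :", reset_password(users, tok, SECRET, now=1300))   # True
    print("second reset:", reset_password(users, tok, SECRET, now=1310))   # False
```

Note that the lookup in `reset_password` reads `sub` from the unverified payload only to find the record whose `password_changed_at` is needed; nothing is acted on until `verify_reset_token` has checked the signature, expiry and issue time.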