user3343543

Reputation: 141

How to implement Logout functionality in SpringBoot2 OAuth2-JWT

I have implemented OAuth2 with SpringBoot2 and JWT - auth-server and resource-server. My backend consists of the tables below:

  1. AppUser
  2. AppRole
  3. AppPermission
  4. OAuth_Client_Details

Can anyone guide me on how to achieve logout functionality?

Upvotes: 0

Views: 272

Answers (1)

JohanB

Reputation: 2148

I assume from your post that you are using client credentials as OAuth type in combination with JWT tokens?

In this case, the authentication information is encoded inside the JWT. The JWT validity is verified by the resource server using the authorization server's public certificate. Self-contained tokens like JWT are not meant to be revoked. Once a JWT token is issued, it is valid until its expiration time is reached.

Resource server and/or authorization server have no means to log out a client, unless some sort of JWT blacklists are maintained and checked constantly. This would defeat the purpose of using (self-contained) JWT tokens.

Upvotes: 1
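The token blacklist the answer mentions, sketched as an added example (not code from the question or the answer). It assumes each token carries `jti` and `exp` claims and that signature and expiry validation have already passed; the class name `JwtDenylist` and the sample values are hypothetical, and the in-memory map would have to be a store shared by every resource server in a real deployment.

```java
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** In-memory denylist of revoked JWT IDs (jti); an entry is only needed until the token's own exp. */
public class JwtDenylist {
    private final Map<String, Instant> revoked = new ConcurrentHashMap<>();

    /** Called by the logout endpoint with the claims of the token being logged out. */
    public void revoke(String jti, Instant exp, Instant now) {
        if (exp.isAfter(now)) {          // an already-expired token needs no entry
            revoked.put(jti, exp);
        }
    }

    /** Called on every request, after signature and exp validation have passed. */
    public boolean isRevoked(String jti) {
        return revoked.containsKey(jti);
    }

    /** Drop entries whose token has expired; keeps the list bounded by token lifetime. */
    public int purge(Instant now) {
        int before = revoked.size();
        revoked.values().removeIf(exp -> !exp.isAfter(now));
        return before - revoked.size();
    }

    public static void main(String[] args) {
        // Constructed sample claims, not taken from the page.
        Instant now = Instant.parse("2024-01-01T12:00:00Z");
        String jti = "sample-jti-1";
        Instant exp = now.plusSeconds(900);   // 15-minute access token

        JwtDenylist denylist = new JwtDenylist();
        System.out.println("before logout: revoked=" + denylist.isRevoked(jti));
        denylist.revoke(jti, exp, now);       // user logs out
        System.out.println("after logout:  revoked=" + denylist.isRevoked(jti));
        System.out.println("purged at exp: " + denylist.purge(exp));
        System.out.println("after purge:   revoked=" + denylist.isRevoked(jti));
    }
}
```

The `isRevoked` lookup on every request is the constant checking the answer refers to: it reintroduces per-request state that self-contained tokens otherwise avoid.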
