Wijayanga Wijekoon
Reputation: 99
How to Disable a JWT Token
I want to disable the generated JWT token when the user logs out from the application and this needs to be done in back-end code. How can I disable the JSON Web Token (JWT) using the authentication server (SpringBoot)
Upvotes: 2
Views: 6256
Answers (1)
Seth Killian
Reputation: 963
Generally speaking, with JWTs you have an access token with a short duration (like 15 minutes) and a longer refresh token (30 days). You should store the refresh tokens that you've given out in a table and when the user logs out, flag the token as revoked and then when you give a new access token out, verify that the refresh token hasn't been revoked.
Upvotes: 6
Related Questions
- How can I revoke a JWT token?
- how destroy jwt token from spring boot backend
- How to handle a valid JWT token with Spring Security?
- JAVA : How to invalidate all JWT token of particular user?
- How to revoke auth token in spring security?
- Remove JWT on logout in Spring Application
- Spring OAuth2 disable HTTP Basic Auth for TokenEndpoint
- Revoke JWT Oauth2 Refresh Token
- spring security oauth2 disable jsessionid based session
- Spring security OAuth2 - how to disable access token expiry?