Wijayanga Wijekoon

Reputation: 99

How to Disable a JWT Token

I want to disable the generated JWT token when the user logs out from the application, and this needs to be done in back-end code. How can I disable the JSON Web Token (JWT) using the authentication server (SpringBoot)?

Upvotes: 2

Views: 6256

Answers (1)

Seth Killian

Reputation: 963

Generally speaking, with JWTs you have an access token with a short duration (like 15 minutes) and a longer refresh token (30 days). You should store the refresh tokens that you've given out in a table, and when the user logs out, flag the token as revoked. Then, when you give a new access token out, verify that the refresh token hasn't been revoked.

Upvotes: 6
