Reputation: 99
I want to disable the generated JWT token when the user logs out from the application and this needs to be done in back-end code. How can I disable the JSON Web Token (JWT) using the authentication server (SpringBoot)
Upvotes: 2
Views: 6256
Reputation: 963
Generally speaking, with JWTs you have an access token with a short duration (like 15 minutes) and a longer refresh token (30 days). You should store the refresh tokens that you've given out in a table and when the user logs out, flag the token as revoked and then when you give a new access token out, verify that the refresh token hasn't been revoked.
Upvotes: 6