Sisir
Reputation: 2804
Express Gateway - JWT Verification policy checkCredentialExistence for remote auth server
I am using express gateway as API Gateway middleware with the following setup.
- Express gateway serves as gateway only.
- My auth (user database) server is at a different location and I am routing all login request to the auth server to get jwt.
- Multiple resource server is behind express gateway. Which will not authorize or authenticate any request. All incoming request is treated as already authenticated
I have setup the EG config such a way that it verifies the JWT and only passes requests with correct JWT. Because the authorization checkCredentialExistence on the gateway itself.
Problem
When users sends logout request I revoke both access & refresh token from the auth server. BUT, the revoked JWT token still a valid token. And gateway keep passing the incoming requests with revoked jwt.
Is there a way to check with remote api if JWT is still valid in Express gateway?
Upvotes: 0
Views: 469
Answers (1)
Mehrdad
Reputation: 1731
jwt access token is kind of self signed token and there is no way to revoke it, you can use refrence token for this senario
Upvotes: 0
Related Questions
- JWT verification when using API Gateway (Node / Express)
- Express Gateway JWT verification in cookies
- Check auth with JWT (nodeJS)
- JWT token is always invalid when verified
- passport-jwt always return 'Unauthorized' - 401
- Handle JWT Verify Failure
- Express Gateway JWT issue
- Apply jwt on express routes without raising an error
- How to call jwt verification function from routes?
- ExpressJS - JWT and Passport Implementation