reza_khalafi

Reputation: 6534

How to log out and destroy a token in PyJWT Django?

I have made a token in PyJWT like this:

import jwt
import datetime

payload = {
    "id": 1,
    "exp": datetime.datetime.utcnow() + datetime.timedelta(minutes=1000),
    "iat": datetime.datetime.utcnow()
}
token = jwt.encode(payload, 'secret', algorithm='HS256')

And sent it to the front end, and I also retrieve my payload like this:

payload = jwt.decode(token, 'secret', algorithms=['HS256'])

And now I want to destroy the token on the server and log out. How do I do this?

Upvotes: 0

Views: 1435

Answers (2)

Mohammad AlQudah

Reputation: 47

Change secret key from settings.

Note that this will effectively log out ALL your users. No JWTs issued with the old key will be valid.

Upvotes: 0

reza_khalafi

Reputation: 6534

So I found the solution. JWT tokens are not destroyable. The best way for us is to make a table in our database, like a blacklist, and add dead tokens into it when the logout method is called.
Then, when you check a user's token, just check that table, and if the token exists there, you should not accept the user and should return User Not Authenticated.

Be successful

Upvotes: 0
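The denylist approach from the answer above, as an added example that is not part of the original posts. It assumes PyJWT is installed; the `jti` claim, the `revoked_tokens` table, the function names and the placeholder secret are assumptions, and an in-memory sqlite3 database stands in for the Django database.

```python
import datetime
import sqlite3
import uuid

import jwt  # PyJWT

# Placeholder secret (assumption); load the real one from settings or a secret store.
SECRET = "placeholder-secret-at-least-32-bytes-long"

# Hypothetical denylist table; a Django model would play the same role.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE revoked_tokens (jti TEXT PRIMARY KEY, exp INTEGER NOT NULL)")


def issue_token(user_id, minutes=15):
    now = datetime.datetime.now(datetime.timezone.utc)
    payload = {
        "id": user_id,
        "jti": uuid.uuid4().hex,  # unique token id, used as the denylist key
        "iat": now,
        "exp": now + datetime.timedelta(minutes=minutes),
    }
    return jwt.encode(payload, SECRET, algorithm="HS256")


def _decode(token):
    # Verifies signature and expiry, and requires the claims the denylist relies on.
    return jwt.decode(token, SECRET, algorithms=["HS256"],
                      options={"require": ["exp", "jti"]})


def logout(token):
    claims = _decode(token)
    db.execute("INSERT OR IGNORE INTO revoked_tokens (jti, exp) VALUES (?, ?)",
               (claims["jti"], claims["exp"]))
    db.commit()


def authenticate(token):
    """Return the user id, or None for 'User Not Authenticated'."""
    try:
        claims = _decode(token)
    except jwt.InvalidTokenError:  # bad signature, expired, or missing claims
        return None
    row = db.execute("SELECT 1 FROM revoked_tokens WHERE jti = ?",
                     (claims["jti"],)).fetchone()
    return None if row else claims["id"]


def purge_expired():
    # Expired tokens already fail _decode, so their denylist rows can be dropped.
    now = int(datetime.datetime.now(datetime.timezone.utc).timestamp())
    db.execute("DELETE FROM revoked_tokens WHERE exp < ?", (now,))
    db.commit()
```

Storing `exp` next to `jti` keeps the table bounded: a row is only needed until the token would have expired anyway, so shorter token lifetimes mean a smaller denylist.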
