lexik/LexikJWTAuthenticationBundle

Feature Request: Method for Manually Destroying Tokens

alckordev opened this issue · 3 comments

Issue Description

Currently, there is no method in LexikJWTAuthenticationBundle to manually destroy a token. This can be problematic, as users may log out on the frontend by removing the token from local storage or cookies, but the token can still be valid until it expires. I suggest implementing a method that allows for the manual invalidation or destruction of an active token.

Suggestion Details

  • Method Name: destroyToken() or similar.
  • Functionality: This method should invalidate the current token, ensuring that it is not valid for future requests.

Benefits

  • Allows application developers to proactively manage the expiration of tokens.
  • Improves security by enabling manual invalidation of tokens in specific situations.

Example Usage (Hypothetical)

// Hypothetical example of how the new method could be used
$token = $JWTManager->create($user);
$JWTManager->destroyToken($token);
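
Added example, not part of the original issue and not the bundle's own code: a server-side revocation check in plain PHP, showing that a token deleted on the client still verifies until `exp`, and that a blocklist keyed on a `jti` claim rejects it. The HS256 helper, the secret, the `jti` claim, and every function and class name are assumptions made for this demo.

```php
<?php
declare(strict_types=1);
// All names below are hypothetical; HS256 keeps the demo self-contained.
const SECRET = 'constructed-demo-secret';

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function sign(string $data): string {
    return b64url(hash_hmac('sha256', $data, SECRET, true));
}
function issueToken(string $user, int $now, int $ttl = 3600): string {
    $h = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $p = b64url(json_encode(['sub' => $user, 'exp' => $now + $ttl,
        'jti' => bin2hex(random_bytes(16))])); // unique id used for revocation
    return "$h.$p." . sign("$h.$p");
}
/** Claims if signature and exp check out, otherwise null. */
function verifyToken(string $jwt, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3 || !hash_equals(sign("{$parts[0]}.{$parts[1]}"), $parts[2])) {
        return null;
    }
    $claims = json_decode(base64_decode(strtr($parts[1], '-_', '+/')), true);
    $valid = is_array($claims) && isset($claims['jti']) && ($claims['exp'] ?? 0) > $now;
    return $valid ? $claims : null;
}
final class Blocklist {
    private array $revoked = []; // jti => exp of the revoked token
    public function revoke(array $claims): void {
        $this->revoked[$claims['jti']] = $claims['exp'];
    }
    public function isRevoked(string $jti, int $now): bool {
        // Entries only need to live as long as the token they block.
        $this->revoked = array_filter($this->revoked, fn ($exp) => $exp > $now);
        return isset($this->revoked[$jti]);
    }
}
function accept(string $jwt, Blocklist $bl, int $now): bool {
    $claims = verifyToken($jwt, $now);
    return $claims !== null && !$bl->isRevoked($claims['jti'], $now);
}

$now = time();
$bl  = new Blocklist();
$jwt = issueToken('alice', $now);
var_dump(accept($jwt, $bl, $now));          // before logout
$bl->revoke(verifyToken($jwt, $now));       // server-side logout
var_dump(accept($jwt, $bl, $now));          // same token replayed after logout
```

In a real deployment the blocklist would live in shared storage such as a cache or database, so that every application node sees the revocation.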

You're looking for something like #1170 then.

Indeed. Please consider reviewing #1170 in case you see something's wrong or missing. Thanks

Is there documentation for this?