szerhusenBC/jwt-spring-security-demo

Token Invalidation

Closed this issue · 5 comments

Hi Stephan,

I would like to know if there's a way to invalidate a token when a user logs out.

Once a user logs out and the token has not expired yet, I want the token to be an invalid token that will give an unauthorized error to any request by the user using the token again.

Thank you.

Hi @Oluwaseun-Smart,

There are different approaches you could use to do that. Here is a discussion from Stack Overflow:

https://stackoverflow.com/questions/21978658/invalidating-json-web-tokens

I hope that helps you.

If you use Angular, sir, you can simply delete the local token!

> If you use Angular, sir, you can simply delete the local token!

You're right. But the problem is that you could still use the token (if you somehow copied it before, etc.), because the app would say that it is valid. The question is how to invalidate it so you can't use it anymore after logout.

I made a token with a 30 min validation period, so no time to use it again!

This may be a solution. But then you have to refresh it at least every 30 mins to keep it valid, right?
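Added example (not part of the original thread and not code from this repository): one server-side approach to the problem raised above is a denylist of revoked token ids that the authentication filter consults after normal signature and expiry validation. It assumes each token carries the standard `jti` and `exp` claims; the class `TokenDenylist` and its method names are hypothetical.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical logout denylist: remembers revoked token ids (JWT "jti") until they expire. */
public class TokenDenylist {
    // jti -> the token's own expiry; after that instant the entry is no longer needed
    private final Map<String, Instant> revokedUntil = new ConcurrentHashMap<>();
    private final Clock clock;

    public TokenDenylist(Clock clock) { this.clock = clock; }

    /** Call on logout with the jti and exp claims of an already verified token. */
    public void revoke(String jti, Instant expiresAt) {
        if (expiresAt.isAfter(clock.instant())) {   // already-expired tokens need no entry
            revokedUntil.put(jti, expiresAt);
        }
    }

    /** Call in the authentication filter; a true result should yield 401 Unauthorized. */
    public boolean isRevoked(String jti) {
        Instant until = revokedUntil.get(jti);
        if (until == null) return false;
        if (!until.isAfter(clock.instant())) {      // token expired on its own; drop the entry
            revokedUntil.remove(jti, until);
            return false;                           // normal exp validation rejects it anyway
        }
        return true;
    }

    /** Periodic cleanup so the map stays bounded by the token lifetime. */
    public int purgeExpired() {
        Instant now = clock.instant();
        int before = revokedUntil.size();
        revokedUntil.values().removeIf(until -> !until.isAfter(now));
        return before - revokedUntil.size();
    }

    public static void main(String[] args) {
        Clock clock = Clock.systemUTC();
        TokenDenylist denylist = new TokenDenylist(clock);
        String jti = "constructed-token-id-1";                       // constructed sample value
        Instant exp = clock.instant().plus(Duration.ofMinutes(30));  // 30 min lifetime, as in the thread
        System.out.println("before logout: revoked=" + denylist.isRevoked(jti));
        denylist.revoke(jti, exp);                                   // user logs out
        System.out.println("after logout:  revoked=" + denylist.isRevoked(jti));
    }
}
```

An in-memory map only covers a single application instance and is lost on restart; with several instances the denylist has to live in a store they all share.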