Feathers: I use JWT authentication. How can I log out?

Created on 26 Jun 2019 · 13 comments · Source: feathersjs/feathers

Steps to reproduce

(First please check that this issue is not already solved as described
here
)

  • [ ] Tell us what broke. The more detailed the better.
  • [ ] If you can, please create a simple example that reproduces the issue and link to a gist, jsbin, repo, etc. This makes it much easier for us to debug, and issues that have a reproducible example will get higher priority.

Expected behavior

Tell us what should happen

Actual behavior

Tell us what happens instead

System configuration

Tell us about the applicable parts of your setup.

Module versions (especially the part that's not working):

NodeJS version:

Operating System:

Browser Version:

React Native Version:

Module Loader:

Most helpful comment

JWTs have no built-in mechanism to invalidate them. Any valid JWT will continue to be usable until it expires. To log out, a client has to "forget" it. The logout is just a convenience method to indicate to the server that the user wishes to log out.

It can be used e.g. to blacklist the token so that it cannot continue to be used. This is possible in v4 but I have not finished the docs for it. The issue for this is https://github.com/feathersjs/feathers/issues/1336

All 13 comments

With the authentication client this is done by calling app.logout.

Internally this will call remove on the authentication service which will trigger the logout event. Through HTTP this means DELETE /authentication/<jwt> or DELETE /authentication with the header Authorization: <jwt>.

but

With the authentication client this is done by calling app.logout.

Internally this will call remove on the authentication service which will trigger the logout event. Through HTTP this means DELETE /authentication/<jwt> or DELETE /authentication with the header Authorization: <jwt>.

I use this way: DELETE /authentication with the header Authorization: <jwt>, but this accessToken can still pass authentication. Why?

I'm not sure I follow?

I'm not sure I follow?

DELETE /authentication with the header Authorization: <jwt> is not working. The deleted accessToken is still accepted.

He's right, it doesn't work.

here is how i log out -- not sure if this is optimum or not, i am still waiting confirmation:

<a href='#' onClick='javascript: (async () => { await feathersClient.logout(); })(); '>logout</a>

https://github.com/feathersjs/docs/issues/1369

Thank you,

Mark Edwards

On Thu, Jan 16, 2020 at 6:28 AM hnahmed notifications@github.com wrote:

He's right, it doesn't work.


here is how i log out -- not sure if this is optimum or not, i am still waiting confirmation: <a href='#' onClick='javascript: (async () => { await feathersClient.logout(); })(); '>logout</a> feathersjs/docs#1369 Thank you, Mark Edwards

That works if your front end and backend are both run with feathers. Doesn't work if you're trying to log a user out with HTTP requests from the frontend.

Here's what I found for that function:

```
{
  key: "logout",
  value: function logout() {
    var _this6 = this;

    // Wait for any in-flight authentication, then tell the server
    // (DELETE /authentication), then forget the token locally.
    return Promise.resolve(this.app.get('authentication')).then(function () {
      return _this6.service.remove(null).then(function (authResult) {
        return _this6.removeAccessToken().then(function () {
          return _this6.reset();
        }).then(function () {
          _this6.app.emit('logout', authResult);

          return authResult;
        });
      });
    }).catch(function (error) {
      return _this6.handleError(error, 'logout');
    });
  }
}
```


So it looks like removeAccessToken() isn't called when using an HTTP request?

JWTs have no built-in mechanism to invalidate them. Any valid JWT will continue to be usable until it expires. To log out, a client has to "forget" it. The logout is just a convenience method to indicate to the server that the user wishes to log out.

It can be used e.g. to blacklist the token so that it cannot continue to be used. This is possible in v4 but I have not finished the docs for it. The issue for this is https://github.com/feathersjs/feathers/issues/1336

JWTs have no built-in mechanism to invalidate them. Any valid JWT will continue to be usable until it expires. To log out, a client has to "forget" it. The logout is just a convenience method to indicate to the server that the user wishes to log out.

It can be used e.g. to blacklist the token so that it cannot continue to be used. This is possible in v4 but I have not finished the docs for it. The issue for this is #1336

Alright, I understand. So in the client I just need to do this for logout: localStorage.removeItem('accessToken'). Is that right?

JWTs have no built-in mechanism to invalidate them. Any valid JWT will continue to be usable until it expires. To log out, a client has to "forget" it. The logout is just a convenience method to indicate to the server that the user wishes to log out.
It can be used e.g. to blacklist the token so that it cannot continue to be used. This is possible in v4 but I have not finished the docs for it. The issue for this is #1336

Alright, I understand. So in the client I just need to do this for logout: localStorage.removeItem('accessToken'). Is that right?

or remove the accessToken cookie

Correct. When using Feathers on the client this will happen automatically when calling app.logout().
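For the case raised earlier in the thread, a front end that talks to the API with plain HTTP rather than the Feathers client, the two halves of `app.logout()` have to be done by hand: the `DELETE /authentication` call with the token in the `Authorization` header, and then forgetting the token locally. The block below is an added example, not Feathers client code; `logoutOverHttp`, `makeMemoryStorage` and `makeFakeFetch` are names made up for it, and the storage and fetch stand-ins are constructed so it runs without a browser or server.

```javascript
// Added example, not the Feathers client: logging out over plain HTTP.
// Assumptions: fetchImpl is fetch-compatible, storage is localStorage-like
// (getItem/removeItem), baseUrl is the API origin.
async function logoutOverHttp({ fetchImpl, storage, baseUrl = '' }) {
  const token = storage.getItem('accessToken');
  if (!token) return { hadToken: false, serverNotified: false, forgotten: true };

  let serverNotified = false;
  try {
    // Same request the Feathers client sends: DELETE /authentication with the
    // token in the Authorization header, so the server can react (e.g. revoke).
    const res = await fetchImpl(`${baseUrl}/authentication`, {
      method: 'DELETE',
      headers: { Authorization: token },
    });
    serverNotified = res.ok;
  } catch (err) {
    // Network failure: the local token must still be forgotten.
    serverNotified = false;
  } finally {
    // The step removeAccessToken() performs inside the Feathers client; over
    // raw HTTP nobody else does it, and a still-valid JWT would stay behind.
    storage.removeItem('accessToken');
  }
  return {
    hadToken: true,
    serverNotified,
    forgotten: storage.getItem('accessToken') === null,
  };
}

// Constructed in-memory stand-in for the browser's localStorage.
function makeMemoryStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => data.set(k, String(v)),
    removeItem: (k) => data.delete(k),
  };
}

// Constructed stand-in for fetch: records each request, and either answers
// 200 or fails like a dropped connection.
function makeFakeFetch(log, ok = true) {
  return async (url, init) => {
    log.push({ url, method: init.method, authorization: init.headers.Authorization });
    if (ok) return { ok: true, status: 200 };
    throw new Error('network down');
  };
}

module.exports = { logoutOverHttp, makeMemoryStorage, makeFakeFetch };
```

Whether the server answers or not, the token is removed from storage in `finally`; a logout that only notifies the server leaves the browser holding a JWT that, as the thread explains, remains valid until it expires. If the token is kept in a cookie instead of localStorage, the same ordering applies with the cookie being cleared.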

Correct. When using Feathers on the client this will happen automatically when calling app.logout().

Thank you very much for your reply
