Jwt-auth: how to destroy jwt token,use JWTAuth::invalidate($token) not work

Created on 18 Jun 2019  Â·  5Comments  Â·  Source: tymondesigns/jwt-auth

Subject of the issue

how to destroy jwt token,use JWTAuth::invalidate($token) not work

Your environment

| Q | A
| ----------------- | ---
| Bug? | no
| New Feature? | no
| Framework | Laravel
| Framework version | 5.7
| Package version | 1.0.0-rc.3
| PHP version | 7.2.12

Steps to reproduce

JWTAuth::invalidate function need the parameter is $forceForever not the token

/**
     * Invalidate a token (add it to the blacklist).
     *
     * @param  bool  $forceForever
     *
     * @return $this
     */
    public function invalidate($forceForever = false)
    {
        $this->requireToken();

        $this->manager->invalidate($this->token, $forceForever);

        return $this;
    }

now,I have a old token need to destroy it when user login,so which function can I use? thx!

picture hhxiaohei
🚀1

Most helpful comment

if ever you need to invalidate a different token, for example you are tracking a list of tokens in a database and you want to invalidate them.. 

\JWTAuth::manager()->invalidate(new \Tymon\JWTAuth\Token($tokenString), $forceForever = false);
picture ajcastro on 25 Nov 2019
👍2 🚀1 😕1 🎉1

All 5 comments

@hhxiaohei Have a look at these docs.

https://jwt-auth.readthedocs.io/en/develop/auth-guard/#invalidate

You don't pass the token, just the param for forceForever.

philbenoit-ibsa picture philbenoit-ibsa on 20 Jun 2019
👍1

if ever you need to invalidate a different token, for example you are tracking a list of tokens in a database and you want to invalidate them.. 

\JWTAuth::manager()->invalidate(new \Tymon\JWTAuth\Token($tokenString), $forceForever = false);
ajcastro picture ajcastro on 25 Nov 2019
👍2 🚀1 😕1 🎉1

Why didn’t you just mention that it is easier to invalidate with the auth helper, in the following way:
auth()->invalidate(true)
In my case my guard is called store_user so
auth(“store_users”)->invalidate(true)
The true will forever invalidate the token

averageflow picture averageflow on 28 Jan 2020

Why didn’t you just mention that it is easier to invalidate with the auth helper, in the following way:
auth()->invalidate(true)
In my case my guard is called store_user so
auth(“store_users”)->invalidate(true)
The true will forever invalidate the token

@ajcastro is right with his solution, because auth()->invalidate($token) for few doesn't work.

kunal4sd picture kunal4sd on 22 Sep 2020
👍1

if ever you need to invalidate a different token, for example you are tracking a list of tokens in a database and you want to invalidate them..

\JWTAuth::manager()->invalidate(new \Tymon\JWTAuth\Token($tokenString), $forceForever = false);

Thanks, it worked for me as compare to auth()->invalidate($token)

kunal4sd picture kunal4sd on 22 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

phamduong picture phamduong  Â·  3Comments
lloy0076 picture lloy0076  Â·  3Comments
lbottoni picture lbottoni  Â·  3Comments
therealmjk picture therealmjk  Â·  3Comments
aofdev picture aofdev  Â·  3Comments