Is there a way to invalidate the token from a controller ???
Hi,
Token invalidation is not implemented as it is not part of the JWT specification. If you really need it, take a look at this thread.
@slashfan I got here while searching for the same thing. Thanks for the shared link - it was very useful.
As i implemented one of the suggestions there with Lexik id like to share it for others. Sure one could discuss now if this is still stateless now - anyway i think that the db query is fine as Symfony is doing so anyway and there are hardly no solutions without beeing kind of stateful.
Here is what i did:
I tried to ensure few things:
Gist: https://gist.github.com/benjaminrau/865f94d142605eb72a23a34ccdd0617a
@benjaminrau with your solution if a sure is logged into two different computers, logging out on one logs out on all, right?
@waspinator Yes, if intended. A "logout from all" would change the tokenValidAfter date and thus logout from all computers / invalidate all tokens. Regular logout would not change tokenValidAfter and user can logout from just one place.