Hi,
I'm french so sorry for my english.
How can I set a token to a invalidat status ?
(En fran莽ais : Je voudrais que le token devienne invalide quand je le souhaite, est-ce possible ?)
Thanks
Hi,
Do you want to be able to invalidate just one particular token or every still valid token at once ?
Regards.
Thanks for your quickly response,
Just one
Right now there really is no easy way to invalidate a particular token, as it is not part of the JWT specification. But if you really need to, some solutions are presented in this this thread.
Look at this cookbool entry and the IP flag examples, you should be able to customize the token validation by using the Events::JWT_CREATED and Events::JWT_DECODED events.
You could add a property to your user, let's say hash, and add it to the token payload and check its validity when your application receives the token back. When you need to invalidate a particular token, change its user hash value and the token won't work anymore.
Let me know if it helps.
Thanks, the answer with hash is ok for me :)
I shared a possible solution on https://github.com/lexik/LexikJWTAuthenticationBundle/issues/46
Most helpful comment
Right now there really is no easy way to invalidate a particular token, as it is not part of the JWT specification. But if you really need to, some solutions are presented in this this thread.
Look at this cookbool entry and the IP flag examples, you should be able to customize the token validation by using the
Events::JWT_CREATEDandEvents::JWT_DECODEDevents.You could add a property to your user, let's say
hash, and add it to the token payload and check its validity when your application receives the token back. When you need to invalidate a particular token, change its userhashvalue and the token won't work anymore.Let me know if it helps.