I was wondering if there was a way to destroy/delete/deactivate/whatever a JWT that's been validated and is currently in use.
I'm moving my application over from CodeIgniter, which allows you to keep the sessions in a database, which makes it easy to terminate account sessions if needed. I was trying to get the same effect here, by destroying the user's JWT token.
I want to ask too!!!
It is not possible with JWT. You can blacklist tokens, please read these two blog posts:
https://auth0.com/blog/2014/12/02/using-json-web-tokens-as-api-keys/
https://auth0.com/blog/2015/03/10/blacklist-json-web-token-api-keys/
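The blacklist approach mentioned in the reply above, as an added example that is not part of the thread or of any project's code: each token carries a unique `jti`, and verification rejects any token whose `jti` is on a denylist. It assumes HS256 and Node.js built-ins only; the function names, the secret, and the in-memory `Map` (a stand-in for a shared database table, like the CodeIgniter session table in the question) are hypothetical.

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load a real key from config
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (str) => JSON.parse(Buffer.from(str, 'base64url').toString('utf8'));
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Denylist: jti -> exp (Unix seconds). Hypothetical stand-in for a shared DB/cache table.
const revoked = new Map();

// Issue a token with a unique jti so that this one token can be revoked later.
function issue(sub, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const data = `${enc({ alg: 'HS256', typ: 'JWT' })}.` +
    enc({ sub, jti: crypto.randomUUID(), iat: now, exp: now + ttlSeconds });
  return `${data}.${mac(data).toString('base64url')}`;
}

// Signature and expiry first, then the denylist lookup on every request.
function verify(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed');
  const given = Buffer.from(parts[2], 'base64url');
  const expected = mac(`${parts[0]}.${parts[1]}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  if (dec(parts[0]).alg !== 'HS256') throw new Error('bad alg');
  const claims = dec(parts[1]);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (typeof claims.jti !== 'string' || revoked.has(claims.jti)) throw new Error('revoked');
  return claims;
}

// Revoke one token; only tokens that still verify are worth storing.
function revoke(token, now = Math.floor(Date.now() / 1000)) {
  const { jti, exp } = verify(token, now);
  revoked.set(jti, exp);
}

// Entries can be dropped once the token would have expired anyway.
function prune(now = Math.floor(Date.now() / 1000)) {
  for (const [jti, exp] of revoked) if (exp <= now) revoked.delete(jti);
  return revoked.size;
}
```

Because each entry is only needed until the token's own `exp`, short token lifetimes keep the denylist small.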