Node-jsonwebtoken: Create a method to delete or invalidate the token

Created on 23 Sep 2019  ·  3 Comments  ·  Source: auth0/node-jsonwebtoken

To delete or invalidate a token, like

The method name is invalid or deleted.

const data = { test: 1 };
const token = jwt.sign(data, 'shhhh', { expiresIn: 100 });
const invalidate = jwt.invalidate(token, privateKey);
const old_token = jwt.verify(token, 'shhhh');

// { test: 1 }
console.log(data);
// { error: "Invalid/deleted token, create a new" }
console.log(invalidate);

or something like this.

All 3 comments

Most developers don't understand that there is no way to invalidate the token in a stateless system. To do that you must introduce a... state. For example you can implement white- or blacklisting of tokens and check every request against this list. Or introduce a session. But well, this is never a part of a JWT library like this one. Look for example at Single Sign Out.

Thanks for replying to me about this issue.
I didn't know JWT and didn't know its features completely.
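
The state described in the comment above, as an added example that is not part of the thread and not node-jsonwebtoken code: a denylist keyed by the token's `jti` claim, consulted on every request after the signature check. `TokenDenylist` and `verifyWithRevocation` are hypothetical names, the in-memory `Map` is an assumption, and `verify` stands for a call such as `jwt.verify`.

```javascript
// Added example. Tokens must carry a unique id and an expiry, e.g. issued with
//   jwt.sign(data, 'shhhh', { expiresIn: 100, jwtid: crypto.randomUUID() })
class TokenDenylist {
  constructor() {
    // jti -> exp (seconds since epoch). In-memory Map is an assumption for the
    // example; several server processes would need a shared store instead.
    this.revoked = new Map();
  }

  // Revoke a token whose payload has already been verified.
  revoke(payload) {
    if (!payload.jti || typeof payload.exp !== 'number') {
      throw new Error('token needs jti and exp claims to be revocable');
    }
    this.revoked.set(payload.jti, payload.exp);
  }

  // Expired tokens fail verification on their own, so their entries are
  // dropped; the list never grows beyond the set of still-valid tokens.
  prune(nowSec) {
    for (const [jti, exp] of this.revoked) {
      if (exp <= nowSec) this.revoked.delete(jti);
    }
  }

  isRevoked(jti, nowSec) {
    this.prune(nowSec);
    return this.revoked.has(jti);
  }
}

// `verify` does the stateless part (signature and expiry), for example
//   (t) => jwt.verify(t, 'shhhh', { algorithms: ['HS256'] })
// and throws on failure. The denylist lookup is the stateful part.
function verifyWithRevocation(token, verify, denylist,
                              nowSec = Math.floor(Date.now() / 1000)) {
  const payload = verify(token);
  if (!payload.jti) throw new Error('token has no jti claim');
  if (denylist.isRevoked(payload.jti, nowSec)) throw new Error('token revoked');
  return payload;
}
```

Logging out then means calling `denylist.revoke(payload)` with the verified payload of the presented token.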
