Open Aman-US-Punjabi opened 7 years ago
@Aman-US-Punjabi I ran into the same problem. I am assuming you are still sending the token on the request after logging out (like me); if so, the PayloadAuthenticationMiddleware will authenticate him again (you can see that in the source code).
And it will succeed because the token is still valid. What you can do is, when the user logs out, invalidate that token. There is a lot of information about how to invalidate tokens. I will write it here but I'm still looking into that 😅
https://github.com/anthonycastelli/Vapor-JWTAuthorization/blob/master/Config/droplet.json#L35
Also, I tried to log out, but still after logging out I'm able to access Secured Routes. Don't know what to do, any clue?
Thanks for your time.
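
The reply above suggests invalidating the token at logout. One way to do that is a server-side denylist consulted on every request after the signature check, shown here as an added example that is not code from this thread or from the Vapor-JWTAuthorization project. `VerifiedClaims`, `TokenDenylist` and `AuthDecision` are hypothetical names, and the sketch assumes each token carries a unique `jti` claim alongside `exp`.

```swift
import Foundation

// Hypothetical claims, assumed already signature-verified by the JWT middleware.
struct VerifiedClaims {
    let jti: String   // unique token id (assumed to be present in the payload)
    let exp: Date     // expiry claim
}

enum AuthDecision: Equatable { case allow, expired, revoked }

// Server-side denylist of logged-out token ids.
// In-memory for illustration; several app instances would need a shared store.
final class TokenDenylist {
    private var revoked: [String: Date] = [:]   // jti -> original expiry
    private let lock = NSLock()

    // Called from the logout handler.
    func revoke(_ claims: VerifiedClaims, now: Date = Date()) {
        lock.lock(); defer { lock.unlock() }
        prune(now: now)
        // An already-expired token is rejected by the exp check anyway.
        if claims.exp > now { revoked[claims.jti] = claims.exp }
    }

    // Called on every request, after signature verification.
    func check(_ claims: VerifiedClaims, now: Date = Date()) -> AuthDecision {
        lock.lock(); defer { lock.unlock() }
        if claims.exp <= now { return .expired }
        return revoked[claims.jti] == nil ? .allow : .revoked
    }

    // An entry only has to live until its token would have expired.
    private func prune(now: Date) {
        revoked = revoked.filter { $0.value > now }
    }
}

// Constructed sample: one token that is valid for an hour.
let start = Date()
let denylist = TokenDenylist()
let token = VerifiedClaims(jti: "sample-jti-1", exp: start.addingTimeInterval(3600))

print(denylist.check(token, now: start))                         // before logout
denylist.revoke(token, now: start)                               // user logs out
print(denylist.check(token, now: start.addingTimeInterval(60)))  // same token replayed
```

Because the token's signature and expiry are unchanged by logout, the denylist lookup is the only step that distinguishes the replayed token from a live session.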