cnam / security-jwt-service-provider

Silex security JWT service provider (Silex 1.x and 2.x versions); allows an OAuth2 header
GNU General Public License v2.0

Example for logout? #13

Closed ryanscherler closed 8 years ago

ryanscherler commented 9 years ago

If I have a defined firewall like this:

```php
$app['security.firewalls'] = array(
    'login' => [
        'pattern' => 'auth',
        'anonymous' => true,
    ],
    'secured' => array(
        'pattern' => '^/api/',
        'logout' => array('logout_path' => '/v1/logout'),
        'security' => $app['debug'] ? false : true,
        'users' => $app['users'],
        'jwt' => array(
            'use_forward' => true,
            'require_previous_session' => false,
            'stateless' => true,
        )
    ),
);
```

and my API routes are like this:

```php
/*
 * API Routes
 */
$api = $app['controllers_factory'];
$api->post('/auth', 'App\Controllers\API\AuthController::auth');
$api->get('/pages/{path}', 'App\Controllers\API\PageController::children')->assert('path', '.*');
[...]
$app->mount('/api/v1', $api);
```

How can I handle a logout call / route definition?

e.g. /api/v1/logout (destroy the user's session?)

ryanscherler commented 9 years ago

I am not sure how to handle the logout when doing it via an API call. The Silex security docs only show how to handle it via a form.

I've considered just not worrying about destroying the session on the server and just removing the token from localStorage and calling it good. Just wasn't sure of best practices on how to handle logging out with JWT / API / client-side apps.

Any help / advice is much appreciated! Thanks for this great service provider ;-) Authentication works great!

cnam commented 8 years ago

Hello @ryanscherler, for logout, remove the token from local storage, that's all.

ananda-agrawal commented 8 years ago

Hi @cnam, what is the best way to implement a blacklist for logouts? Please suggest.
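The server-side blacklist asked about above, as an added example that is not part of this provider or of anyone's comment: a denylist keyed on the token's `jti` claim and pruned by its `exp` claim, so revoked entries only live as long as the token would have. It assumes the issued tokens carry `jti` and `exp` claims (neither is mentioned in the thread), that signature verification has already been done by the provider before `isRevoked()` is consulted, and that the in-memory array would be replaced by a shared store such as Redis in a multi-process deployment.

```php
<?php
declare(strict_types=1);

// Added example, not the provider's code. Assumes tokens carry "jti" and "exp".
final class TokenDenylist
{
    /** @var array<string,int> jti => unix timestamp at which the token expires */
    private array $revoked = [];

    /** Decode the payload segment of a compact JWT. Does NOT verify the
     *  signature; that is the provider's job and must happen before this. */
    public static function claims(string $jwt): array
    {
        $parts = explode('.', $jwt);
        if (count($parts) !== 3) {
            throw new InvalidArgumentException('malformed JWT');
        }
        $b64 = strtr($parts[1], '-_', '+/');                 // base64url -> base64
        $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4); // restore padding
        $json = base64_decode($b64, true);
        $claims = $json === false ? null : json_decode($json, true);
        if (!is_array($claims) || !isset($claims['jti'], $claims['exp'])) {
            throw new InvalidArgumentException('jti and exp claims are required');
        }
        return $claims;
    }

    /** Logout route: remember this token's id until the token expires anyway. */
    public function revoke(string $jwt): void
    {
        $c = self::claims($jwt);
        $this->revoked[(string) $c['jti']] = (int) $c['exp'];
    }

    /** Every authenticated request, after signature verification. */
    public function isRevoked(string $jwt, ?int $now = null): bool
    {
        $now = $now ?? time();
        // Drop entries whose token has expired; they can no longer be replayed.
        $this->revoked = array_filter($this->revoked, fn (int $exp): bool => $exp > $now);
        return isset($this->revoked[(string) self::claims($jwt)['jti']]);
    }
}

// Constructed sample token: real header/payload encoding, placeholder signature.
$payload = rtrim(strtr(base64_encode(json_encode(['jti' => 'demo-1', 'exp' => time() + 3600])), '+/', '-_'), '=');
$token   = 'eyJhbGciOiJIUzI1NiJ9.' . $payload . '.placeholder-signature';
$list    = new TokenDenylist();
$list->revoke($token);
var_dump($list->isRevoked($token));                // bool(true)
var_dump($list->isRevoked($token, time() + 7200)); // bool(false): entry pruned after exp
```

Revoking a token still does nothing for copies already cached elsewhere until `exp`, so keep access-token lifetimes short and pair this with removing the token from localStorage as cnam suggests.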