Open SergioR72 opened 1 year ago
It's not possible to revoke a token, see https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html#no-built-in-token-revocation-by-the-user
A refresh token is used to obtain a new token when the token is expired, so that's not useful for log out.
To log a user out, you can simply remove the token from the client.
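Added example, not part of this thread and not the code of any library used in it: a token deleted on the client is still accepted by the server until its `exp`, so the linked OWASP cheat sheet suggests a server-side denylist of token digests that is checked on every request. The `Denylist` class, the `issue` and `verify` helpers and the key are constructed for this example and use only the Python standard library.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value, not a real key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue(sub: str, ttl: int, now: float) -> str:
    """Build a minimal HS256 JWT (constructed sample input for the demo)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "exp": int(now) + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify(token: str, now: float) -> dict:
    """Check signature and expiry; raise ValueError on failure."""
    head, body, sig = token.split(".")
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(want), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["exp"] <= now:
        raise ValueError("expired")
    return claims

class Denylist:
    """Server-side record of revoked token digests, kept until each token's exp."""
    def __init__(self):
        self._revoked = {}  # sha256 hex digest of token -> exp timestamp

    def revoke(self, token: str, now: float) -> None:
        claims = verify(token, now)  # only record tokens this server issued
        self._revoked[hashlib.sha256(token.encode()).hexdigest()] = claims["exp"]

    def authenticate(self, token: str, now: float) -> dict:
        claims = verify(token, now)
        # Entries for tokens that have expired on their own are no longer needed.
        self._revoked = {d: e for d, e in self._revoked.items() if e > now}
        if hashlib.sha256(token.encode()).hexdigest() in self._revoked:
            raise ValueError("revoked")
        return claims
```

In a multi-process deployment the digest table has to live in a store shared by all workers (a database table or cache), otherwise a token revoked on one worker is still accepted by the others.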
I'm using Django, Graphene and MongoDB to make a project, but I have the problem that I don't know how to implement a log out. I've tried to use a refresh token to make my application depend on this, because I saw that this refresh token has the possibility to be revoked and made expired, but I see that it doesn't work: I receive the message "Cannot force an update in save() with no primary key." Does anyone know how to solve it?