jwt token to be embedded with a login entry time into a collection of logins.
If the timestamp passes it is invalid but if the login entry is invalidated (within the token collection) then the token can be invalidated this way as we can compose an auth hook to always check the collection to see the current token is still valid before proceeding
Currently, there is no weay to "logout" or "invalidate" a token and this is my proposal on how to do that allowing for "logout" and "revoke" endpoints to exist
jwt token to be embedded with a login entry time into a collection of logins.
If the timestamp passes it is invalid but if the login entry is invalidated (within the token collection) then the token can be invalidated this way as we can compose an auth hook to always check the collection to see the current token is still valid before proceeding
Currently, there is no weay to "logout" or "invalidate" a token and this is my proposal on how to do that allowing for "logout" and "revoke" endpoints to exist