Closed radudalbea closed 2 years ago
You need to be logged in to revoke, otherwise adonis-jwt doesn't know what to revoke. Make sure to pass the JWT token in header or cookie to be able to revoke it
reopen if you want to follow up
hello @maxgalbu , I'm testing the library and it's great, thank you very much for your contribution.
I have the same problem as @radudalbea, I already verified that when the request arrives the token is sent (bearer token authorization), it even shows the information that the token payload has in the console. But then when calling the logout function I get the same error
async logout({ auth }) {
// Validating that the token has arrived
await auth.use("jwt").authenticate();
const the_user: User = auth.use("jwt").user!;
//in the console I actually get the information that comes in the token
console.log("Info user ", JSON.stringify(the_user))
//revoke() --> i get the problem "Empty or no refresh token passed"
await auth.use('jwt').revoke();
return {
revoked: true
};
}
Thank you
Vuelve a abrir si quieres hacer un seguimiento.
This is still happening.
The thing is that it is required to pass the refresh token in order to revoke it when the JWT is not persisted in the db, because there is no way to know which token to revoke otherwise.
@rodcrespo you are right. It's a problem with the specs. You cannot revoke a token that is not persisted somewhere(database or Redis).
Hi,
When I call the revoke method I get an error message saying: Empty or no refresh token passed.
The code is exactly like in the docs:
Is there an issue with it or am I doing something wrong?