maxgalbu / adonis5-jwt

JWT Authentication service for Adonisjs v5
MIT License
86 stars 15 forks

Revoke method doesn't work #16

Closed radudalbea closed 2 years ago

radudalbea commented 2 years ago

Hi,

When I call the revoke method I get an error message saying: Empty or no refresh token passed.

The code is exactly like in the docs:

public async logout({ auth }) {
  // Revoke the JWT presented on the current request; this is the call that
  // fails with "Empty or no refresh token passed".
  await auth.use('jwt').revoke();

  return {
    revoked: true
  };
}

Is there an issue with it or am I doing something wrong?

maxgalbu commented 2 years ago

You need to be logged in to revoke, otherwise adonis-jwt doesn't know what to revoke. Make sure to pass the JWT token in the header or cookie to be able to revoke it.

maxgalbu commented 2 years ago

reopen if you want to follow up

felipebuitragocarmona commented 2 years ago

Hello @maxgalbu, I'm testing the library and it's great, thank you very much for your contribution.

I have the same problem as @radudalbea. I have already verified that when the request arrives the token is sent (bearer token authorization); it even prints the information from the token payload to the console. But then, when calling the logout function, I get the same error:

async logout({ auth }) {
  // Validating that the token has arrived
  await auth.use("jwt").authenticate();
  const the_user: User = auth.use("jwt").user!;
  // In the console I actually get the information that comes in the token
  console.log("Info user ", JSON.stringify(the_user));
  // revoke() --> I get the error "Empty or no refresh token passed"
  await auth.use('jwt').revoke();
  return {
    revoked: true
  };
}

Thank you

Reopen if you want to follow up.

rodcrespo commented 1 year ago

This is still happening.

The thing is that it is required to pass the refresh token in order to revoke it when the JWT is not persisted in the db, because there is no way to know which token to revoke otherwise.

radudalbea commented 1 year ago

@rodcrespo you are right. It's a problem with the specs. You cannot revoke a token that is not persisted somewhere (database or Redis).