Closed DavidMoura07 closed 2 years ago
I've made a lot of changes in 825566a6a0b441841205370562f5c3bef3023df2 and released v1.1.0 on npm, some of which fix logout/revocation.
Could you please test again? To do so, you should roll back the old migration of `jwt_tokens` and rerun `node ace configure adonis5-jwt`.
Also, with the latest changes, you can now decide whether you want to persist JWT in db (so that logout invalidates the JWT and refresh token), or not persist JWT (logout deletes the refresh token, but does nothing on the JWT which is still valid until it expires).
The latter is the recommended and default behavior with JWTs: in short, you should create a JWT with a reasonably short expire time, then use refresh token to generate a new one, see some of these answers:
In short, if you don't store JWT in DB then yes, the JWT will continue to be valid until it expires.
Please reopen if the issue is still present.
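The two logout modes described in the reply above, as an added example that is not part of the original thread or of the adonis5-jwt code: `AuthService`, `issue`, `verify` and the in-memory tables are hypothetical stand-ins, the secret and timestamps are constructed, and rotating the refresh token on use is this example's own choice.

```javascript
const { createHmac, randomUUID, timingSafeEqual } = require('node:crypto');
const SECRET = 'constructed-demo-secret'; // constructed value for the demo
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
const mac = (data) => createHmac('sha256', SECRET).update(data).digest();

// Issue an HS256 JWT with a short lifetime and a unique jti claim.
function issue(sub, now, ttl = 300) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ sub, jti: randomUUID(), exp: now + ttl })}`;
  return `${body}.${mac(body).toString('base64url')}`;
}
// Check signature and expiry only; returns the payload or null.
function verify(token, now) {
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) return null;
  const sig = Buffer.from(s, 'base64url');
  const want = mac(`${h}.${p}`);
  if (sig.length !== want.length || !timingSafeEqual(sig, want)) return null;
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  return payload.exp > now ? payload : null;
}

// Hypothetical service; persistJwt mirrors the two modes described above.
class AuthService {
  constructor(persistJwt) {
    this.persistJwt = persistJwt;
    this.jwtRows = new Set();     // stands in for the jwt_tokens table
    this.refreshRows = new Map(); // refresh token -> user id
  }
  login(sub, now) {
    const jwt = issue(sub, now);
    const refresh = randomUUID();
    if (this.persistJwt) this.jwtRows.add(verify(jwt, now).jti);
    this.refreshRows.set(refresh, sub);
    return { jwt, refresh };
  }
  // Stateless mode trusts signature + exp; persisted mode also needs a DB row.
  authenticate(jwt, now) {
    const payload = verify(jwt, now);
    return !!payload && (!this.persistJwt || this.jwtRows.has(payload.jti));
  }
  // Logout always drops the refresh token; the JWT row exists only if persisted.
  logout({ jwt, refresh }, now) {
    this.refreshRows.delete(refresh);
    const payload = verify(jwt, now);
    if (payload) this.jwtRows.delete(payload.jti);
  }
  refresh(token, now) {
    const sub = this.refreshRows.get(token);
    return sub && this.refreshRows.delete(token) ? this.login(sub, now) : null;
  }
}
```

In the non-persisted mode, the exposure after logout is bounded by the `ttl` passed to `issue`, which is why the short expiry matters.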
Hi, thanks for developing this feature, I really needed this. Unfortunately logout isn't working for me. My code is basically the same as your docs, but my tokens are not being removed from the database after the revoke method.
After running the method above, I can still use the same token and nothing changes in the `jwt_tokens` table. Can you check if there is any problem with the `revoke()` method? My config file is like this:
And my contract is: