mikenicholson / passport-jwt

Passport authentication using JSON Web Tokens
MIT License

list issued tokens and revoke certain token #128

Closed Dr-MHQ closed 7 years ago

Dr-MHQ commented 7 years ago

How can I list all issued tokens for a certain user? How can I revoke a certain token (make it invalid)?

mikenicholson commented 7 years ago

This all depends on your authentication scheme. If you're using a simple, home-grown mechanism where you just issue a JWT and then validate it, then you can't, at least not without storing all your issued JWTs server side. You could set them to expire soon after being issued, requiring the client to renew the tokens. Alternatively, you can store every token you issue server side until it expires, but this adds a bunch of server-side state you have to keep in your database, which JWTs are supposed to help you avoid.

OAuth 2.0 has the concept of refresh tokens, I suggest you read more on those. Keep in mind OAuth is a complex framework that you probably shouldn't implement on your own.

Either way, this is beyond the scope of this passport module, which just validates JWTs.

See also: https://stackoverflow.com/questions/31919067/how-can-i-revoke-a-jwt-token