Closed (duard closed 7 years ago)
use opts.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme(auth_scheme);
I'm not sure there is enough information here to really answer your question.
JWTs can't be revoked like user sessions. To do so would require storing some information about or encoded in the JWT server-side. This defeats one of the purposes of using a JWT which is stateless auth.
What you can do is set an expiration time when you create the JWT, forcing the user to request a new JWT once the current JWT expires. This is beyond the scope of just this module and it is up to you to design the scheme that fits your implementation.
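The expiry approach described in the reply above, as an added example that is not part of the original thread and is not passport-jwt's code: a token is issued with a short `exp`, read from an `Authorization: JWT <token>` header, and rejected once expired. The function names, the secret and the claims are assumptions constructed for illustration; only Node's built-in `crypto` is used.

```javascript
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue an HS256 token that stamps iat and a short exp (seconds since epoch).
function issueToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Hypothetical stand-in for a scheme-based extractor: "JWT <token>" -> token.
function tokenFromAuthHeader(headerValue, scheme) {
  const [s, token, ...rest] = String(headerValue || '').trim().split(/\s+/);
  if (!token || rest.length || s.toLowerCase() !== scheme.toLowerCase()) return null;
  return token;
}

// Check the signature first, then the expiry. Returns { ok, reason?, claims? }.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, sig] = parts;
  let hdr, claims;
  try {
    hdr = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; never trust the header to choose it.
  if (!hdr || hdr.alg !== 'HS256') return { ok: false, reason: 'bad-alg' };
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // A token without exp never expires, so treat a missing exp as a failure.
  if (!claims || typeof claims.exp !== 'number' || now >= claims.exp) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}
```

Once `verifyToken` reports `expired`, the client has to log in again (or use whatever refresh scheme the application designs) to obtain a new token.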
After login I got my JWT + my token
JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI1ODhiN2I3OWU5NmM1Zjc1Y2Q5NzBjZDkiLCJlbWFpbCI6InBlZHJvc2tha3VtQGdtYWlsLmNvbSIsImlhdCI6MTQ4NjQ5MTU4OCwiZXhwIjoxNDg3MDk2Mzg4fQ.xVxHyOCLW7j8wmNzcQJ-d217TD2KR5jGOCgHYPLcews
How can I change this JWT?