Sorry if this is not the right place to ask, but I wonder how I can log off a user when he hits an endpoint like /auth/logoff? I'm using the basic + jwt strategy from the example. So the user logs in using his credentials, then receives his token that he then uses for all further requests (including timed keep-alive requests to renew the token before expiration).
The client can simply delete the token and "feel" logged off, sure, but then the server would still accept it until it is expired, right? How can you invalidate a token? Do I have to delete the entries from the cache by hand? Or can I use auth.Revoke() somehow like below?
```go
func logoutHandler(w http.ResponseWriter, r *http.Request) {
	u := auth.User(r)
	err := auth.Revoke(strategy, u)
	if err != nil {
		log.Println("Error revoking user: ", err)
	}
	body := "success"
	w.Write([]byte(body))
}
```
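The gap described in the question (a signed token stays acceptable to the server until its expiry, even after the client discards it) is commonly closed with a server-side denylist consulted on every request. The following is an added example, not code from the post or from the library's own API; it uses only the Go standard library, and `Denylist`, `Revoke`, `IsRevoked` and `Len` are hypothetical names. It assumes the caller still validates the token's signature and expiry separately and passes the token's expiry time in.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
	"time"
)

// Denylist remembers logged-off tokens only until they would expire anyway.
// It stores SHA-256 digests so the list itself never holds usable tokens.
type Denylist struct {
	mu      sync.Mutex
	revoked map[[32]byte]time.Time // digest of token -> token's own expiry
}

func NewDenylist() *Denylist {
	return &Denylist{revoked: make(map[[32]byte]time.Time)}
}

// Revoke is what a logoff handler would call with the presented bearer token.
func (d *Denylist) Revoke(token string, exp time.Time) {
	d.mu.Lock()
	defer d.mu.Unlock()
	d.revoked[sha256.Sum256([]byte(token))] = exp
}

// IsRevoked is the per-request check. Entries past their expiry are purged:
// normal expiry validation rejects those tokens, so the list stays bounded.
func (d *Denylist) IsRevoked(token string, now time.Time) bool {
	d.mu.Lock()
	defer d.mu.Unlock()
	for k, exp := range d.revoked {
		if !now.Before(exp) {
			delete(d.revoked, k)
		}
	}
	_, ok := d.revoked[sha256.Sum256([]byte(token))]
	return ok
}

// Len reports how many revocations are currently held.
func (d *Denylist) Len() int { d.mu.Lock(); defer d.mu.Unlock(); return len(d.revoked) }

func main() {
	d := NewDenylist()
	now := time.Now()
	d.Revoke("constructed.sample.token", now.Add(15*time.Minute)) // constructed value
	fmt.Println("rejected after logoff:", d.IsRevoked("constructed.sample.token", now))
}
```

Because keep-alive renewal issues a new token each time, the logoff handler has to revoke the token that is current at that moment, and any still-valid earlier tokens if those must die too.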