tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License

JWT:invalidate not working #2077

Open rsmmukesh opened 3 years ago

rsmmukesh commented 3 years ago

I'm trying to invalidate the token through the invalidate method, but it is not working; I'm not getting the error "Token is blocklisted". I can call the code below multiple times, and every time I get the user details.

CODE ---------

        $token = JWTAuth::parseToken();
        $user = $token->authenticate();
        JWTAuth::invalidate(JWTAuth::parseToken(), true);
        JWTAuth::invalidate(JWTAuth::getToken(), true);
        JWTAuth::invalidate();

SETTINGS -----------------

        'ttl' => env('JWT_TTL', null),
        'refresh_ttl' => env('JWT_REFRESH_TTL', null),
        'required_claims' => [
            'iss',
            'iat',
            'nbf',
            'sub',
            'jti'
        ],
        'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
        'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0),

Why is invalidate not working?

TonyyJp commented 3 years ago

I have the same problem. Does anyone know how to solve it?

rsmmukesh commented 3 years ago

I temporarily fixed it by setting CACHE_DRIVER=file in the .env file; before, it was "array".

RichieMcMullen commented 3 years ago

You can invalidate a specific token using this:

        \JWTAuth::manager()->invalidate(new \Tymon\JWTAuth\Token($token->token), $forceForever = false);

vicenterusso commented 3 years ago

I have the same problem. I tried @RichieMcMullen's solution, but it didn't work for me.

I'm using Redis for cache.

After invalidating, my token is still working.

RichieMcMullen commented 3 years ago

@vicenterusso

I assume you are replacing $token->token with the actual token or variable of your own?

vicenterusso commented 3 years ago

> @vicenterusso
>
> I assume you are replacing $token->token with the actual token or variable of your own?

That's correct. @rsmmukesh and others (in other issues) are suggesting changing the cache driver to file. It seems there is a problem with storage not being file-based.

RichieMcMullen commented 3 years ago

Yes, the environment that I'm currently using in regard to the cache driver is "file" and the invalidate method works fine for me. Maybe try changing your cache driver, as a means of debugging the issue.

rsmmukesh commented 3 years ago

I tried a lot and didn't get the actual answer. Finally I had a temporary fix by setting the cache driver to file. I hope there is an issue with other cache drivers except file. Any team member should check and resolve it as soon as possible; it is a major issue...

avlima commented 2 years ago

I have the same problem: when I use JWTAuth::invalidate(true), it returns "token is required", even though the token exists in JWTAuth::getToken().

PHP 8.0 Laravel 8 :(

top-master commented 2 years ago

@Anyone-still-complaining

JWT uses the cache for the blacklist, and does that using Laravel's API (without directly accessing your cache driver), hence you all should go and report issues to your cache driver's developers (or even report in the Laravel repo, but not here).
See: stackoverflow.com/Which cache driver to use?

@rsmmukesh array is temporary RAM storage, which is wiped out the moment the request is responded to ;-)
There is nothing to be fixed in JWT.
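Added example, not part of the thread and not jwt-auth's or Laravel's code: a standalone PHP sketch of why a blocklist entry written to a per-request in-memory store is gone on the next request, while a disk-backed store keeps it. `Store`, `ArrayStore`, `FileStore` and `revokedOnNextRequest` are hypothetical names, the `jti` value is constructed, and keying the blocklist by `jti` is an assumption based on the `required_claims` shown above.

```php
<?php
// Added illustration, not jwt-auth code. Two hypothetical stores mimic the
// "array" and "file" cache drivers discussed in the thread.
interface Store {
    public function put(string $key, int $expiresAt): void;
    public function has(string $key): bool;
}
// Like CACHE_DRIVER=array: entries live in a PHP array, so a new instance starts empty.
final class ArrayStore implements Store {
    private array $items = [];
    public function put(string $key, int $expiresAt): void { $this->items[$key] = $expiresAt; }
    public function has(string $key): bool {
        return isset($this->items[$key]) && $this->items[$key] > time();
    }
}
// Like CACHE_DRIVER=file: entries are written to disk and outlive the instance.
final class FileStore implements Store {
    private string $path;
    public function __construct(string $path) { $this->path = $path; }
    private function load(): array {
        if (!is_file($this->path)) { return []; }
        return json_decode(file_get_contents($this->path), true) ?: [];
    }
    public function put(string $key, int $expiresAt): void {
        $items = $this->load();
        $items[$key] = $expiresAt;
        file_put_contents($this->path, json_encode($items), LOCK_EX);
    }
    public function has(string $key): bool {
        $items = $this->load();
        return isset($items[$key]) && $items[$key] > time();
    }
}
// Each call to $makeStore() stands for a new HTTP request with fresh process state.
function revokedOnNextRequest(callable $makeStore, string $jti): bool {
    $makeStore()->put($jti, time() + 3600); // request 1: invalidate the token
    return $makeStore()->has($jti);         // request 2: is it still blocklisted?
}
$jti  = 'constructed-jti-123';              // constructed sample value
$path = sys_get_temp_dir() . '/blocklist-demo.json';
@unlink($path);                             // start from a clean file
var_dump(revokedOnNextRequest(fn () => new ArrayStore(), $jti));
var_dump(revokedOnNextRequest(fn () => new FileStore($path), $jti));
@unlink($path);
```

Run with `php` on the command line (PHP 7.4 or later); the two `var_dump` lines show whether the revocation survived into the second simulated request for each store.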