Fergus In London

The musings of a man with a keyboard and an internet connection.

Yes, you can invalidate JSON Web Tokens (JWT).

2018-04-01 6 min read Fergus
JSON Web Tokens are great: they have a well-defined schema, and are simple to implement both as a provider and an integrator. This simplicity has side effects though, and often leads to limitations. For instance, can you invalidate/revoke a token, or “log a user out”? Client-side logout - i.e. “ditch the token” - is not a solution; rather than actually invalidating the token, this simply loses it, often by purging it from local storage.