force expire jwt token in adonis js

Question

Is there a way to force expire jwt token (not refresh token) in adonis-js. I am creating a token on login and setting its time to expire for 10 mins. When I log out I want to force expire that token before 10 mins.

Does this answer your question? [Invalidating JSON Web Tokens](https://stackoverflow.com/questions/21978658/invalidating-json-web-tokens) — Laxmikant Dange, Dec 25 '19 at 07:54

score 4 · Answer 1 · answered Dec 25 '19 at 07:02

Try these things for your token. The tokens can be expired. But you cannot do it on demand.

Set a reasonable expiration time on tokens.
Delete the stored token from the client-side upon log out.
Have DB of no longer active tokens that still have some time to live.
Query provided token against The Blacklist on every authorized request.

score 1 · Answer 2 · answered Dec 30 '19 at 13:48

I did it this way:

async login({ request, auth }) {
  const { email, password } = request.all();
  const user = await auth.validate(email, password, true);
  const { name, admin, confirmed } = user;

  const token = await auth.generate(user, false, { expiresIn: '10m' })

  return { token, user }
}

force expire jwt token in adonis js

2 Answers2