Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revoke JWT refresh_token #89

Closed
ghost opened this issue Jan 18, 2018 · 4 comments

Comments

@ghost
Copy link

commented Jan 18, 2018

Can't find any info in the documentation how to get user's refresh tokens.
I have route /auth/logout which should handle revoking refresh_tokens. I will pass refresh_token to this route but have no idea how can I get that token from the database as it is decoded there.

screen shot 2018-01-18 at 10 23 02 am

Also if I revoke refresh_token does it mean that every time user logs in and logs out I will store refresh tokens? I think this table will be too large after sometimes with unnecessary data. Can this tokens be stored in Redis? Can I set auth data driver to Redis?

@thetutlage

This comment has been minimized.

Copy link
Member

commented Jan 20, 2018

You can decrypt the token using Encryption provider. Also feel free to delete the token instead of toggling the is_revoked flag.

Adonis gives both options, since some apps wants to store historical tokens. However you can simply delete them.

const decrypted = Encryption.decrypt(token)

await Token.query().where('token', decrypted).delete()

I will add revoke methods to the auth object soon

@thetutlage thetutlage self-assigned this Jan 20, 2018

@ghost

This comment has been minimized.

Copy link
Author

commented Jan 22, 2018

@thetutlage Thank you! It works for me.

@thetutlage

This comment has been minimized.

Copy link
Member

commented Jan 25, 2018

Added methods to revoke tokens within the auth class. Will be released soon.

@thetutlage thetutlage closed this Jan 25, 2018

@tapankumar

This comment has been minimized.

Copy link

commented Jan 28, 2018

@thetutlage : When will the new version will be released with this new revoke method?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.