"Never trust anything coming from the client side," they said, so why are you still trusting the client side to handle your application's logout properly and effectively,
when all it does is delete the stored JWT from the browser's local storage?
If the stored JWT was copied before it was deleted, or it was intercepted in transit,
it can still be used on a different computer or browser, and it will work as if it had never been deleted.
This package aims to help you handle your logout process seamlessly with just 3 lines of code:
~> var jwtCheck = new JwtCheck().Login(generatedJwt); in your login method
~> var jwtCheck = new JwtCheck().Logout(httpContext); in your logout method
~> app.UseJWTCheck(); in your Program.cs
N.B. => you can check Dotnet_JWTLogoutAsync for the async method equivalent
- You wish to stop a JWT from authorizing requests to your application before its expiry time elapses.
- It can be used with your custom Jwt implementation as well as with ASP.NET Identity.
- .NET Core 6.0 and newer
You can clone this repo and reference it in your project.
Install via .NET CLI
dotnet add package JWTLogout.Net --version 1.0.1
Install via Package Manager
Install-Package JWTLogout.Net -Version 1.0.1
To enable JWTLogout to listen for requests, use the middleware provided by JWTLogout.
Add JWTLogout Namespace in Program.cs
using JWTLogout.Net.Helpers;
...
app.UseAuthentication();
app.UseAuthorization();
app.UseJWTCheck();
...
...
var jwtCheck = new JwtCheck().Login(generatedJwt);
...
...
var jwtCheck = new JwtCheck().Logout(httpContext);
...
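The server-side check argued for at the top of this README, as an added example that is not JWTLogout.Net's own code and makes no claim about how the package works internally. `TokenRegistry` and its methods are hypothetical names, and a single server with an in-memory store is assumed.

```csharp
// Added illustration, not JWTLogout.Net source. TokenRegistry is a hypothetical name.
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddSingleton<TokenRegistry>();
var app = builder.Build();

// Runs on every request: a bearer token the server no longer tracks is refused,
// even though its signature and expiry claim would still validate.
app.Use(async (ctx, next) =>
{
    var header = ctx.Request.Headers.Authorization.ToString();
    if (header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
    {
        var registry = ctx.RequestServices.GetRequiredService<TokenRegistry>();
        if (!registry.IsActive(header["Bearer ".Length..].Trim()))
        {
            ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return;
        }
    }
    await next(ctx);
});

// Call registry.Login(jwt, expiry) where the token is issued and
// registry.Logout(jwt) in the logout handler.
app.Run();

public sealed class TokenRegistry
{
    // Key: SHA-256 of the token, so the raw token is never stored. Value: its expiry.
    private readonly ConcurrentDictionary<string, DateTimeOffset> _active = new();

    private static string Key(string jwt) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(jwt)));

    public void Login(string jwt, DateTimeOffset expiresAt) => _active[Key(jwt)] = expiresAt;

    public bool Logout(string jwt) => _active.TryRemove(Key(jwt), out _);

    public bool IsActive(string jwt)
    {
        if (!_active.TryGetValue(Key(jwt), out var expiresAt)) return false;
        if (expiresAt > DateTimeOffset.UtcNow) return true;
        _active.TryRemove(Key(jwt), out _); // expired: drop the entry
        return false;
    }
}
```

Signature and claim validation remain the job of the JWT bearer handler; this check only adds the server-side state that a client-side delete cannot provide. With more than one server instance the registry would need a shared store.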
Feel like something is missing? Fork the repo and send a PR.
Encountered a bug? Fork the repo and send a PR.
Alternatively, open an issue and we'll get to it as soon as we can.