b_c / jose4j / issues / #68 - Logout ? — Bitbucket

Issue #68 invalid

Radhakrishnan Selvaraj created an issue 2016-07-13

How to remove or invalidate the token in server side if an user requested for logout. Please help on this.

Comments (2)

Brian Campbell repo owner
That's really something for your application overall to consider. A sever side revocation list is one approach taken where the jti, hash of the full token, or some other unique identifier is retained sever side (to indicate logout) for the lifetime of the token.
- 2016-07-13T13:31:45+00:00
Brian Campbell repo owner
- changed status to invalid
- 2016-07-15T11:46:58+00:00
Log in to comment

Assignee: Brian Campbell

Type: proposal

Priority: trivial

Status: invalid

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!