Logout ?
Issue #68
invalid
How to remove or invalidate the token in server side if an user requested for logout. Please help on this.
Comments (2)
-
repo owner -
repo owner - changed status to invalid
- Log in to comment
That's really something for your application overall to consider. A sever side revocation list is one approach taken where the jti, hash of the full token, or some other unique identifier is retained sever side (to indicate logout) for the lifetime of the token.