Logout ?

Issue #68 invalid
Radhakrishnan Selvaraj created an issue

How to remove or invalidate the token in server side if an user requested for logout. Please help on this.

Comments (2)

  1. Brian Campbell repo owner

    That's really something for your application overall to consider. A sever side revocation list is one approach taken where the jti, hash of the full token, or some other unique identifier is retained sever side (to indicate logout) for the lifetime of the token.

  2. Log in to comment