I am generating tokens for transactions (like transferring data). However, I want to invalidate the token after one transaction. The user should not be able to use the same token for the next transaction.

Can someone give me guidance on how I can achieve this?

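// Assumes jwt is the jsonwebtoken module; config and the Token model come from the project.
tokenGenerate: function (data, timeout) {
    // Sign the payload; the token lifetime is whatever the caller passes as timeout
    let tokenG = jwt.sign(data, config.jwtSecret, {
        expiresIn: timeout
    });
    // Store the issued token next to the value it was issued for
    let newToken = new Token({
        value: data.value,
        token: tokenG
    });
    newToken.save();
    return tokenG;
}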
BlackMirror

1 Answer

You have a few options here, but basically you're looking for the answer provided here:

Beyond that, if you're dealing with an action that you can timebox, simply expire the token quickly, and have the user request another one.

If you want to ensure that each token is only used once however, you may not even want to use JWT to begin with. They're not designed for this.

syntaqx
  • Hi @syntaqx Thank you for replying. I want to make sure that the same token is not used again for the next transaction. It should say "Invalid token". So can you help me with the flow? I am a beginner in this. I am using the Node.js SDK for Hyperledger Fabric. – BlackMirror Jan 10 '19 at 10:20
  • For something comparable, I recommend looking into how people build password reset functionality. Ultimately, this is the functionality you're trying to implement. A token that can only be used once, where there is only one valid token at a time, and once used is no longer valid. -- You can use multiple tokens to accomplish things (JWT can still be used to Authenticate, and then they can provide a transaction token) – syntaqx Jan 10 '19 at 10:25
  • Yes, if you implement JWT token revocation, then you would simply revoke the token once it's used and it would do what you're wanting. If this answer works for you, please "✔ Accept" the answer :) – syntaqx Jan 10 '19 at 12:00
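The password-reset-style flow suggested in the comments, as an added example that is not part of the original answer or comments: an opaque random token that is stored only as a hash, replaced whenever a new one is issued, and deleted on first use. The function names, the in-memory `Map`, and the `userId` argument (taken to come from an already authenticated session, for example a verified JWT) are assumptions for illustration.

```javascript
const crypto = require('node:crypto');

// Demo store (assumption): userId -> { hash, value, expiresAt }.
// A real service would use a database and delete the row atomically.
const pending = new Map();

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Issue a transaction token. Any earlier unused token for this user is
// overwritten, so only one token is valid at a time.
function issueTransactionToken(userId, value, ttlMs, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('base64url');
  // Only the hash is stored, so a leaked store does not reveal usable tokens.
  pending.set(userId, { hash: sha256(token), value, expiresAt: now + ttlMs });
  return token;
}

// Redeem a token exactly once. Returns the value bound to it at issue time,
// or throws "Invalid token" for unknown, replaced, expired or reused tokens.
function redeemTransactionToken(userId, token, now = Date.now()) {
  const entry = pending.get(userId);
  if (entry !== undefined && now >= entry.expiresAt) {
    pending.delete(userId); // expired: drop it
  }
  const supplied = sha256(String(token));
  const ok = entry !== undefined &&
    now < entry.expiresAt &&
    crypto.timingSafeEqual(entry.hash, supplied); // constant-time compare
  if (!ok) throw new Error('Invalid token');
  pending.delete(userId); // consume before the transaction is carried out
  return entry.value;
}

// Constructed demo: the first redeem succeeds, the replay is rejected.
const demoToken = issueTransactionToken('demo-user', 'transfer-1', 60000);
console.log(redeemTransactionToken('demo-user', demoToken));
try {
  redeemTransactionToken('demo-user', demoToken);
} catch (e) {
  console.log(e.message);
}
```

With several server processes the delete has to happen in the shared store as a single conditional operation, otherwise two concurrent requests can both pass the check.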