
I am trying to implement JWT authorization. I have read some articles that say we shouldn't store the JWT token in the database. If that is true, I have the following question: how should we refresh the token, and how can we log out a user? In simple OAuth authorization I have the following database structure and store all the authorization info in it.

   | user_id | access_token | refresh_token | exprired_date |

And if I want to refresh the token, I just check that the refresh_token in the request is valid and generate a new pair of access and refresh tokens, and if I want to log out a user, I just remove the token from the DB. But how can I do all these operations with a JWT token if we shouldn't store it in the DB?

Yarik Soltys
  • Possible duplicate of [Does it make sense to store JWT in a database?](https://stackoverflow.com/questions/42763146/does-it-make-sense-to-store-jwt-in-a-database) – Kaddath Mar 13 '19 at 10:38
  • My question isn't about how to authorize a user by JWT token or whether we should store the JWT token in the DB. It is about the right way to refresh a JWT token and log out a user when we use JWT. – Yarik Soltys Mar 13 '19 at 11:08
  • Your comment suggests you haven't read the question (which is not about "authorize" but about "unauthorize", which is actually what a logout does) or the answers, which explain all the pros and cons of JWT stored in a database and why using only JWT without a DB can't log out. I took the time to read before suggesting the duplicate. You do as you want, have a good day. – Kaddath Mar 13 '19 at 11:15
  • You can also see https://stackoverflow.com/questions/31919067/how-can-i-revoke-a-jwt-token?noredirect=1&lq=1 – Kaddath Mar 13 '19 at 12:29

0 Answers
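
The refresh and logout flow described in the question, with a stateless JWT access token and only the refresh token kept server-side, as an added example that is not part of the original post. The HS256 signing done with the standard library, the `refresh_tokens` table, the lifetimes and all function names are assumptions for illustration.

```python
import base64, hashlib, hmac, json, secrets, sqlite3, time

SECRET = secrets.token_bytes(32)            # constructed demo signing key
ACCESS_TTL, REFRESH_TTL = 300, 14 * 86400   # assumed lifetimes in seconds
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE refresh_tokens "
           "(user_id INTEGER, token_hash TEXT PRIMARY KEY, expires_at REAL)")

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(msg):
    return _b64(hmac.new(SECRET, msg.encode(), hashlib.sha256).digest())

def _hash(token):  # only a hash of the refresh token is stored
    return hashlib.sha256(token.encode()).hexdigest()

def make_access_token(user_id, now):
    """Stateless HS256 JWT; it is never written to the database."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user_id, "exp": now + ACCESS_TTL}).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify_access_token(token, now):
    """Return the user id, or None on a bad signature or expired token."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(header + "." + body).encode(), sig.encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:
        return None
    return claims["sub"] if claims["exp"] > now else None

def issue_pair(user_id, now):
    refresh = secrets.token_urlsafe(32)   # opaque random value, not a JWT
    db.execute("INSERT INTO refresh_tokens VALUES (?, ?, ?)",
               (user_id, _hash(refresh), now + REFRESH_TTL))
    return make_access_token(user_id, now), refresh

def logout(refresh):
    db.execute("DELETE FROM refresh_tokens WHERE token_hash = ?", (_hash(refresh),))

def refresh_pair(refresh, now):
    """Rotate: the presented refresh token is consumed, then a new pair issued."""
    row = db.execute("SELECT user_id, expires_at FROM refresh_tokens "
                     "WHERE token_hash = ?", (_hash(refresh),)).fetchone()
    logout(refresh)
    return issue_pair(row[0], now) if row and row[1] > now else None
```

Deleting the refresh token row ends the session at the next refresh; an access token that was already issued still verifies until its `exp`, so that lifetime should stay short.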