I am new to Spring Security and I was going through Spring Boot JWT and the process, but I don't know how to use a logout feature with JWT. For example, when a user clicks logout, after that time we cannot access the secured REST endpoints using that token.

Now what I want is an implementation of logout functionality using JWT (Spring Boot REST API) that is used in real-time projects, and the code for it.

Please, if anyone can provide me the GitHub link to the solution

or can send me the code at

ag.rajat113@gmail.com

And anything related to the latest Spring Security real-time projects (backend), and also OAuth2 material, please send me; I need this.

Thanks.

Rajat Agrawal

1 Answer

On logout, you can perform the following actions:

Remove the token from the client

You can remove the token from the client (local storage, session/cookie). Note that this will not prevent client access, as you are removing it only on the client side; for the server, it is still a valid token.

Maintain a token blacklist

When a client performs the logout action, add that token to a blacklist, and for the next request check whether the token is in the blacklist. If yes, then prevent the access. As you have to check for every request, it will be costly for large applications.

Short expiry time

If you keep the token expiry times at short enough intervals and have the running client keep track and request updates when necessary, it will work as a complete logout system. The problem with this method is that it makes it impossible to keep the user logged in between closes of the client code (depending on how long you make the expiry interval).

You can also refer to this for details.

Romil Patel
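The token blacklist option from the answer above, as an added example in plain JDK Java (not code from the answer or from Spring Security). The class and method names are hypothetical; it assumes the expiry passed to `revoke` comes from the token's `exp` claim after the JWT library has validated the token, and that `isRevoked` is called from the application's JWT request filter. Entries are kept only until the token would expire anyway, which bounds the per-request lookup cost the answer mentions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Clock;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// In-memory denylist of logged-out tokens; each entry lives only until the token's own expiry.
public class TokenDenylist {
    private final Map<String, Instant> revoked = new ConcurrentHashMap<>();
    private final Clock clock;
    public TokenDenylist(Clock clock) { this.clock = clock; }

    // Call on logout. expiresAt is the token's exp claim (assumed already validated).
    public void revoke(String token, Instant expiresAt) {
        if (expiresAt.isAfter(clock.instant())) { // an expired token is rejected anyway
            revoked.put(fingerprint(token), expiresAt);
        }
    }

    // Call on every request, after the signature and expiry checks have passed.
    public boolean isRevoked(String token) {
        Instant exp = revoked.get(fingerprint(token));
        return exp != null && exp.isAfter(clock.instant());
    }

    // Drop entries whose tokens have expired; run periodically, e.g. from a scheduled task.
    public void purgeExpired() {
        Instant now = clock.instant();
        revoked.values().removeIf(exp -> !exp.isAfter(now));
    }

    // Store a SHA-256 fingerprint so the denylist never holds usable tokens.
    private static String fingerprint(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        TokenDenylist denylist = new TokenDenylist(Clock.systemUTC());
        String token = "header.payload.signature"; // constructed sample value, not a real JWT
        denylist.revoke(token, Instant.now().plusSeconds(900));
        System.out.println(denylist.isRevoked(token) + " " + denylist.isRevoked("other.token.value"));
    }
}
```

With more than one application instance, the same logic needs a store shared by all instances, since a denylist held in one instance's memory is not seen by the others.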