How do i expire generated JWT token if new JWT token is generated for same credentials.
user = User.objects.get(email=req['email'])
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
Asked
Active
Viewed 1,873 times
1
dev
- 152
- 1
- 10
-
`https://stackoverflow.com/questions/21978658/invalidating-json-web-tokens` you can remove jwt token from client and add assign new one – Yeganeh Salami Jan 13 '20 at 06:05
-
@YeganehSalami if user logged in new device then how do i expire previous JWT token from old device. – dev Jan 13 '20 at 06:08
1 Answers
4
This is core feature of JWT tokens - token contains validity time in itself, and there is no need to store token in database or make a database (or other) call to validate JWT token - just check its expiration time field.
Token expires and is no longer accepted automatically after its expiration date. One approach is to use short-lived tokens, so in case of manual invalidation (which is usually generation of new token) at the backend there is small acceptable window while old token is active.
Another option is to add manually expired token to the blacklist and for each incoming request / token check that it is not present in the blacklist.
Oleg Russkin
- 4,234
- 1
- 8
- 20