
I am using the .NET Core 3.1 web API. My case is that when a user logs out I put that user's JWT token in a blacklist stored in the database, so that the JWT token cannot be used to access the system even though it has not expired.

Currently, I put the 'CheckJWTTokenInBlacklist' function in each API function as shown below.

        [Authorize]
        [HttpPost]
        public ActionResult Add(OrderRequest req)
        {
            if (ModelState.IsValid)
            {
                // The bearer token arrives on the request, not the response.
                // The raw header value is "Bearer <token>"; strip the scheme before the lookup.
                string token = HttpContext.Request.Headers["Authorization"].ToString()
                                   .Replace("Bearer ", string.Empty);
                if (_coffeeToken.CheckJWTTokenInBlacklist(token) == false) // Check whether the token is blacklisted.
                {
                    // token is not in blacklist: handle the request
                    return Ok();
                }
                else
                {
                    // token is in blacklist: reject the request
                    return Unauthorized();
                }
            }
            return BadRequest(ModelState);
        }

I think this is not the best way, since for every API that needs a JWT token I have to add the above check function. Are there better ways? Thank you!!

  • https://stackoverflow.com/questions/53455939/where-to-store-jwt-token-in-net-core-web-api – Newton Sheikh Jan 11 '21 at 17:26
  • Thank you for answering me. I see in your link the JWT token will be validated in the startup.cs file, but in my case I will check whether the JWT token is in the blacklist stored in the database or not. It wouldn't be good if I declared an object to communicate with the database, because I am using dependency injection. – hiep nguyenduc Jan 11 '21 at 17:44
  • You can use an in-memory cache and access it every time. Though not an answer, I will post it as an answer so that I can share the code. – Newton Sheikh Jan 11 '21 at 17:49

1 Answer


Create an in-memory cache which holds all the JWT tokens, and then access them from any controller action you want.

    using System;
    using System.Collections.Generic;

    public static class JWTTokenCache
    {
        // Lazily created, process-wide blacklist keyed by token id.
        private static Dictionary<Guid, JWTTokenClass>? cache;

        private static object cacheLock = new object();
        public static Dictionary<Guid, JWTTokenClass> AppCache
        {
            get
            {
                lock (cacheLock)
                {
                    if (cache == null)
                    {
                        cache = new Dictionary<Guid, JWTTokenClass>();
                    }
                    // Note: Dictionary itself is not thread-safe; callers should also
                    // lock cacheLock (or use ConcurrentDictionary) when reading or writing it.
                    return cache;
                }
            }
        }
    }

Now you can access this JWT token like so:

    [Authorize]
    [HttpPost]
    public ActionResult Add(OrderRequest req)
    {
       // var token = JWTTokenCache.AppCache[tokenId]; -- This is your blacklist (tokenId is the Guid of the token)
       // if (_coffeeToken.CheckJWTTokenInBlacklist(token) == false) -- Change this if condition accordingly
        
        if (ModelState.IsValid)
        {
            // The bearer token arrives on the request, not the response; strip the "Bearer " scheme.
            string token = HttpContext.Request.Headers["Authorization"].ToString()
                               .Replace("Bearer ", string.Empty);
            if (_coffeeToken.CheckJWTTokenInBlacklist(token) == false) // Check whether the token is blacklisted.
            {
                // token is not in blacklist: handle the request
                return Ok();
            }
            else
            {
                // token is in blacklist: reject the request
                return Unauthorized();
            }
        }
        return BadRequest(ModelState);
    }
Newton Sheikh
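The question asks for a way to avoid repeating the blacklist check in every action, and the comments raise the concern that the check needs a database service obtained through dependency injection. The following is an added example (not code from the question or the answer) that does the check once, inside the JWT bearer handler's `OnTokenValidated` event, which runs after signature and lifetime validation and has access to the request's service provider, so a scoped `DbContext`-backed store works there. It assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` package and tokens that carry a `jti` (token id) claim; the `ITokenBlacklist` interface, the `InMemoryTokenBlacklist` class, `AddJwtWithBlacklist`, the `signingKey` parameter and the `SessionController` are hypothetical names chosen for this example.

```csharp
using System;
using System.Collections.Concurrent;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Hypothetical abstraction: the database-backed blacklist from the question would
// implement this (e.g. with EF Core). Revocation is keyed by the token's jti claim,
// so the full token string never has to be stored.
public interface ITokenBlacklist
{
    Task<bool> IsRevokedAsync(string jti);
    Task RevokeAsync(string jti, DateTime expiresUtc);
}

// In-memory implementation so the example runs as-is (the approach the answer suggests).
public sealed class InMemoryTokenBlacklist : ITokenBlacklist
{
    // jti -> expiry. Once the token would have expired anyway the entry can be dropped.
    private readonly ConcurrentDictionary<string, DateTime> _revoked =
        new ConcurrentDictionary<string, DateTime>();

    public Task<bool> IsRevokedAsync(string jti)
    {
        if (_revoked.TryGetValue(jti, out var expiresUtc))
        {
            if (expiresUtc > DateTime.UtcNow) return Task.FromResult(true);
            _revoked.TryRemove(jti, out _); // expired entries are no longer needed
        }
        return Task.FromResult(false);
    }

    public Task RevokeAsync(string jti, DateTime expiresUtc)
    {
        _revoked[jti] = expiresUtc;
        return Task.CompletedTask;
    }
}

public static class JwtBlacklistSetup
{
    // Call from Startup.ConfigureServices: services.AddJwtWithBlacklist(signingKey);
    // signingKey is a placeholder for however the key is actually configured.
    public static void AddJwtWithBlacklist(this IServiceCollection services, string signingKey)
    {
        services.AddSingleton<ITokenBlacklist, InMemoryTokenBlacklist>();

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)),
                    ValidateIssuer = false,   // placeholder: set ValidIssuer/ValidAudience in a real deployment
                    ValidateAudience = false,
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.Zero
                };

                options.Events = new JwtBearerEvents
                {
                    // Runs only after signature and lifetime checks have passed.
                    OnTokenValidated = async context =>
                    {
                        var jti = context.Principal?.FindFirst(JwtRegisteredClaimNames.Jti)?.Value;
                        if (string.IsNullOrEmpty(jti))
                        {
                            // A token that cannot be revoked is rejected outright.
                            context.Fail("Token has no jti claim and cannot be checked against the blacklist.");
                            return;
                        }

                        // Resolve through the request's provider so scoped services (DbContext) work here.
                        var blacklist = context.HttpContext.RequestServices.GetRequiredService<ITokenBlacklist>();
                        if (await blacklist.IsRevokedAsync(jti))
                        {
                            context.Fail("Token has been revoked.");
                        }
                    }
                };
            });
    }
}

[ApiController]
[Route("api/[controller]")]
public class SessionController : ControllerBase
{
    // Logout: blacklist the caller's token id until the token's own expiry.
    [Authorize]
    [HttpPost("logout")]
    public async Task<IActionResult> Logout([FromServices] ITokenBlacklist blacklist)
    {
        var jti = User.FindFirst(JwtRegisteredClaimNames.Jti)?.Value;
        var exp = User.FindFirst(JwtRegisteredClaimNames.Exp)?.Value;
        if (jti == null || exp == null) return BadRequest("Token lacks jti/exp claims.");

        var expiresUtc = DateTimeOffset.FromUnixTimeSeconds(long.Parse(exp)).UtcDateTime;
        await blacklist.RevokeAsync(jti, expiresUtc);
        return NoContent();
    }
}
```

With this in place the `[Authorize]` attribute alone is enough on every other action: a revoked token fails authentication before the action runs, so the per-action `CheckJWTTokenInBlacklist` call is no longer needed. Storing only the `jti` and expiry also keeps the blacklist small, since an entry can be purged as soon as the token would have expired on its own.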