What are the options for revoking / invalidation JWTs
I have this situation in which I have to revoke or invalidate a JWT, and from what I've researched it seems that IdentityServer cannot do that.
What are some strategies to invalidate a JWT ?
Asked
Active
Viewed 99 times
1 Answers
0
There is no built-in mechanism for revocation, but you can store previously issued tokens and record their revocation status. This means that every time a JWT token is validated, you'll need to look it up in your token list and see if it's revoked or not.
See also: How can I revoke a JWT token?
Simmetric
- 1,443
- 2
- 12
- 20
-
The tokens are not stored anywhere, and no claim is stored in the token to identify it, this was a business requirment, and also I'm limited with not being allowed to store any information regarding jwt – Jun 20 '22 at 09:06