I have a social media platform and I'm using Cognito for auth. When I delete users, they are not logged out. How can I deactivate tokens?
The token validity is 1 day. I waited for 1 day but it didn't log out.
I may be wrong, but it sounds like you don't clearly understand what JWT is and how it works.
There are two types of JWT tokens: access token and refresh token.
An access token can't be invalidated for a single user until it expires. It is used for user authentication. The refresh token, on the other hand, is used to create new access tokens. By default, the expiration time of the refresh token is 30 days. So the user is able to generate a new access token, even if the old one has expired, as long as the refresh token is valid.
You have to revoke the refresh token when deleting a user. Also, the expiration time of the access token should be pretty short (e.g., 30 minutes). In this case the user will be able to log in for only 30 minutes at most after the refresh token revocation.
There is no info in your question about token revocation or which of the tokens is valid for 1 day, so I hope this info will help you figure out how it works.
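The delete flow described in the answer above, as an added example that is not part of the original post: it revokes the user's refresh tokens before deleting the user and returns the latest time an access token issued earlier can still be accepted. It assumes boto3's cognito-idp client and a single app client; the pool ID, client ID and username in the usage section are placeholders.

```python
from datetime import datetime, timedelta, timezone

_UNIT_SECONDS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}


def access_token_lifetime(idp, user_pool_id, app_client_id):
    """Return the access token lifetime configured on one app client."""
    cfg = idp.describe_user_pool_client(
        UserPoolId=user_pool_id, ClientId=app_client_id
    )["UserPoolClient"]
    # Cognito defaults: 1 hour when unset, unit "hours" when no unit is given.
    value = cfg.get("AccessTokenValidity", 1)
    unit = cfg.get("TokenValidityUnits", {}).get("AccessToken", "hours")
    return timedelta(seconds=value * _UNIT_SECONDS[unit])


def delete_user_and_revoke(idp, user_pool_id, app_client_id, username, now=None):
    """Revoke the user's refresh tokens, then delete the user.

    Returns the latest time an access token issued before this call can
    still pass local JWT verification in your own backend.
    """
    now = now or datetime.now(timezone.utc)
    try:
        # Invalidates every refresh token Cognito issued to this user.
        idp.admin_user_global_sign_out(UserPoolId=user_pool_id, Username=username)
        idp.admin_delete_user(UserPoolId=user_pool_id, Username=username)
    except idp.exceptions.UserNotFoundException:
        pass  # user already deleted: nothing left to revoke
    return now + access_token_lifetime(idp, user_pool_id, app_client_id)


if __name__ == "__main__":
    import boto3  # needs AWS credentials with the cognito-idp admin actions

    idp = boto3.client("cognito-idp")
    # Placeholder identifiers, replace with your own pool, client and user.
    cutoff = delete_user_and_revoke(
        idp, "REGION_POOLID_PLACEHOLDER", "APP_CLIENT_ID_PLACEHOLDER", "some-user"
    )
    print("Old access tokens may be accepted until", cutoff.isoformat())
```

If the pool has several app clients, the relevant lifetime is the one configured on the client that issued the token.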