Feature: Revoke JWT

  • Resolved haschtl

    (@haschtl)


    4 years, 3 months ago

    Hello,

    I used the simple-jwt-authentification plugin (https://github.com/jonathan-dejong/simple-jwt-authentication) till now, but I wanted to switch to this project, as it is maintained more frequently and has some nice features and a nice user-interface.

    The only problem I am facing, is that there is no possibility to revoke a JWT token. (At least I did not find it)

    The simple-jwt-authentification has the feature to revoke a token and make it invalid. For my purpose this is absolutely needed!

    Is it a big deal to add this feature? Would be nice to have it ??

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nicu_m

    (@nicu_m)

    hello @haschtl,

    In the last month, a lot of people requested this feature. It is on my to-do list and it will be available next week.

    I will come back with updates when this feature is ready.

    Best regards,
    Nicu.

    Plugin Author nicu_m

    (@nicu_m)

    Hello @haschtl,

    First of all, sorry for my late response.

    I’ve released a new version 2.3.0. In this version, you can revoke tokens.
    Make a POST request on /auth/revoke endpoint, with jwt={your_JWT} and the JWT will no longer be valid.

    Let me know what do you think.

    Best regards,
    Nicu.

    Thread Starter haschtl

    (@haschtl)

    Hello nicu,

    Thanks for your (still) fast response!

    I already checked out your latest version and it seems to work fine!

    But I have two other issues:
    Im using the W3 Total Cache plugin. And with this plugin enabled, it takes a long time until the plugin-api is available. But I think you can’t do anything about that.

    And If I enable your “beta Allow access private endpoints with JWT” option, no webpage is available anymore. The server responds with Error 500 and there seems to be some infinite recursion error according to my Apache log (i think it has something to do with infinite rerouting). I don’t need that feature in my case, but maybe its good for you to know

    I have still one other question: Are the tokens deleted from the server after some time after they have been revoked?

    Thanks for your effort!

    Best regards,
    haschtl

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Feature: Revoke JWT’ is closed to new replies.