I am using the jwt-redis library to generate and destroy JWT tokens.
I need to destroy the JWT token from the server side when the user logs out so that the token is not misused. Below is the code I am using to generate and destroy the token:

const redis = require("redis");
const JWTR = require("jwt-redis").default;

const generateJWTToken = async (data) => {
  const redisClient = redis.createClient();
  await redisClient.connect();
  const jwtr = new JWTR(redisClient);
  const token = await jwtr.sign(data, process.env.JWT_KEY);
  return token;
};

const verifyJWTToken = async (token) => {
  const redisClient = redis.createClient();
  await redisClient.connect();
  const jwtr = new JWTR(redisClient);
  const data = await jwtr.verify(token, process.env.JWT_KEY);
  return data;
};

const destroyJWTToken = async (token) => {
  const redisClient = redis.createClient();
  await redisClient.connect();
  const jwtr = new JWTR(redisClient);
  await jwtr.destroy(token, process.env.JWT_KEY);
};

Even after destroying the token, when I call the verifyJWTToken method, it returns the data which was signed with the token.
After destroying the token, it should not return the signed data.
What am I doing wrong here?
Any new techniques to destroy a JWT token from a Node server are also appreciated!
CodePudding user response:
jwtr.destroy returns a promise, so try
await jwtr.destroy(token.jti, process.env.JWT_KEY);
CodePudding user response:
Just use the following code snippet for destroying tokens when you are using jwt-redis, because the jwt-redis npm documentation itself says that you can destroy tokens only using jti. Please refer to https://www.npmjs.com/package/jwt-redis, the create jti & destroy token method.
await jwtr.destroy(token.jti);
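
Both answers say the token is destroyed by its jti. As an added example (not code from the question, the answers or the jwt-redis project), this in-memory model of jti-keyed revocation shows why passing the whole token string to destroy removes nothing, while destroying the jti read from the verified payload makes verify fail. The Map standing in for Redis, the synchronous function names and the error strings are assumptions made for illustration.

```javascript
// Added example: in-memory model of jti-keyed revocation (not jwt-redis source).
const crypto = require("node:crypto");

const store = new Map(); // assumption: stands in for Redis, key = jti, value = exp
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const mac = (input, secret) =>
  crypto.createHmac("sha256", secret).update(input).digest("base64url");

function sign(payload, secret, ttlSeconds = 3600) {
  const now = Math.floor(Date.now() / 1000);
  // Every token gets a unique jti; that id, not the token string, is the store key.
  const jti = payload.jti || crypto.randomBytes(16).toString("hex");
  const body = { ...payload, jti, iat: now, exp: now + ttlSeconds };
  const input = `${b64({ alg: "HS256", typ: "JWT" })}.${b64(body)}`;
  store.set(jti, body.exp);
  return `${input}.${mac(input, secret)}`;
}

function verify(token, secret) {
  const [head, body, sig] = String(token).split(".");
  if (!head || !body || !sig) throw new Error("malformed token");
  const expected = Buffer.from(mac(`${head}.${body}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (claims.exp <= Math.floor(Date.now() / 1000)) throw new Error("expired");
  // Revocation check: a valid signature is not enough, the jti must still be stored.
  if (!store.has(claims.jti)) throw new Error("token destroyed");
  return claims;
}

// Returns true only if an entry was actually removed from the store.
const destroy = (jti) => store.delete(jti);

// Logout: verify first, then revoke by the jti claim of the verified payload.
function logout(token, secret) {
  const { jti } = verify(token, secret);
  return destroy(jti);
}
```
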