JWT token is not destroyed after calling destroy method

Time:08-30

I am using the jwt-redis library to generate and destroy JWT tokens.

I need to destroy the JWT token from the server side when the user logs out so that the token is not misused. Below is the code I am using to generate and destroy the token:

const redis = require("redis");
const JWTR = require("jwt-redis").default;
const generateJWTToken = async (data) => {
  const redisClient = redis.createClient();
  await redisClient.connect();
  const jwtr = new JWTR(redisClient);

  const token = await jwtr.sign(data, process.env.JWT_KEY);
  return token;
};

const verifyJWTToken = async (token) => {
  const redisClient = redis.createClient();
  await redisClient.connect();
  const jwtr = new JWTR(redisClient);

  const data = await jwtr.verify(token, process.env.JWT_KEY);
  return data;
};

const destroyJWTToken = async (token) => {
  const redisClient = redis.createClient();
  await redisClient.connect();
  const jwtr = new JWTR(redisClient);
  await jwtr.destroy(token, process.env.JWT_KEY);
};

Even after destroying the token, when I call the verifyJWTToken method, it returns the data which was signed with the token.

After destroying the token, it should not return signed data.

What am I doing wrong here?

Any new techniques to destroy a JWT token from a Node server are also appreciated!

CodePudding user response:

jwtr.destroy returns a promise, so try

await jwtr.destroy(token.jti, process.env.JWT_KEY);

CodePudding user response:

Just use the following code snippet for destroying tokens when you are using jwt-redis, because the jwt-redis npm documentation itself says that you can destroy tokens only using jti. Please refer to https://www.npmjs.com/package/jwt-redis (create jti & destroy token method).

await jwtr.destroy(token.jti);
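The following is an added example, not code from the question, the answers, or the jwt-redis project: a simplified model of jti-keyed revocation showing why passing the whole token string to a destroy call leaves the token verifiable. A `Map` stands in for Redis, and `sign`, `verify`, `destroy`, `logout` and `isAccepted` are hypothetical names. Because the signed token is a string with no `jti` property, the identifier is taken from the verified claims.

```javascript
// Added illustration: HS256 JWTs with a jti-keyed server-side store.
// A Map stands in for Redis; every name here is hypothetical.
const crypto = require("crypto");

const store = new Map(); // jti -> true while the token is still valid
const b64url = (v) => Buffer.from(v).toString("base64url");
const mac = (input, key) =>
  crypto.createHmac("sha256", key).update(input).digest("base64url");

function sign(payload, key) {
  const jti = payload.jti || crypto.randomUUID();
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...payload, jti }));
  store.set(jti, true); // register the identifier server-side
  return `${header}.${body}.${mac(`${header}.${body}`, key)}`;
}

function verify(token, key) {
  const [header, body, sig] = token.split(".");
  if (!header || !body || !sig) throw new Error("malformed token");
  const expected = Buffer.from(mac(`${header}.${body}`, key));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("invalid signature");
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  // A valid signature is not enough: the jti must still be registered.
  if (!store.has(claims.jti)) throw new Error("token destroyed");
  return claims;
}

// Revocation deletes the store entry. The key is the jti, never the token string.
const destroy = (jti) => store.delete(jti);

// Logout: read the jti from the verified claims, then destroy that entry.
function logout(token, key) {
  const { jti } = verify(token, key);
  return destroy(jti);
}

// Convenience wrapper: true if verify() accepts the token, false otherwise.
function isAccepted(token, key) {
  try { verify(token, key); return true; } catch { return false; }
}
```
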