
How to Disable a JWT Token

I want to disable the generated JWT token when the user logs out from the application, and this needs to be done in back-end code. How can I disable the JSON Web Token (JWT) using the authentication server (SpringBoot)?

Generally speaking, with JWTs you have an access token with a short duration (like 15 minutes) and a longer refresh token (30 days). You should store the refresh tokens that you've given out in a table and when the user logs out, flag the token as revoked and then when you give a new access token out, verify that the refresh token hasn't been revoked.
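The revocation flow described in the answer above, as an added example that is not part of the original answer. It is plain JDK Java with an in-memory map standing in for the refresh-token table; the class, method and field names are hypothetical, and storing only a SHA-256 digest of each token is an extra hardening step the answer does not mention.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class RefreshTokenDemo {
    // One row of the (hypothetical) refresh-token table.
    static final class Row {
        final String user; final Instant expiresAt; volatile boolean revoked;
        Row(String user, Instant expiresAt) { this.user = user; this.expiresAt = expiresAt; }
    }
    static final Duration REFRESH_TTL = Duration.ofDays(30);
    static final Map<String, Row> table = new ConcurrentHashMap<>(); // stands in for the database
    static final SecureRandom rng = new SecureRandom();

    // Store only a digest so that a leaked table does not expose usable tokens.
    static String digest(String token) throws Exception {
        byte[] h = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(h);
    }
    // Login: hand out an opaque random refresh token and record it.
    static String issueRefreshToken(String user) throws Exception {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        table.put(digest(token), new Row(user, Instant.now().plus(REFRESH_TTL)));
        return token;
    }
    // Logout: flag the row as revoked rather than deleting it, which keeps an audit trail.
    static void logout(String token) throws Exception {
        Row row = table.get(digest(token));
        if (row != null) row.revoked = true;
    }
    // Refresh: returns the user to mint a new short-lived access token for, or empty to refuse.
    static Optional<String> userForRefresh(String token) throws Exception {
        Row row = table.get(digest(token));
        if (row == null || row.revoked || Instant.now().isAfter(row.expiresAt)) return Optional.empty();
        return Optional.of(row.user);
    }
    public static void main(String[] args) throws Exception {
        String token = issueRefreshToken("alice"); // constructed sample user
        if (!userForRefresh(token).isPresent()) throw new IllegalStateException("valid token refused");
        logout(token);
        if (userForRefresh(token).isPresent()) throw new IllegalStateException("revoked token accepted");
        if (userForRefresh("forged").isPresent()) throw new IllegalStateException("unknown token accepted");
    }
}
```

With this design, an access token issued before logout stays valid until its short lifetime runs out, because only the refresh step consults the table.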
