如何在到达特定 URL 时销毁访问令牌？

Question

I have integrated another web app to mine. The user will login in my app, an access token will be generated and it will take him to the other app. Now the second app has a log out button in it which obviously does not destroy that access token but it takes users to a page having same url for all. So the solution I thought for it is that the code will read the browser url and when that specific url appears, it will call the logout() function (as shown below for example) and that logout() function will destroy the token.

if (window.location.href === "url") {
  logout();
}

function logout () {
  //code to destroy token..
}

I'm using window.location.href to fetch url from the browser. I have tested logout() function and it works fine.

Only thing I need is how to properly read the browser url and call the logout() function when a specific url is reached.

Answer 1

On Logout from the Client Side, the easiest way is to remove the token from the storage of browser.

But, What if you want to destroy the token on the Node server -

The problem with JWT package is that it doesn't provide any method or way to destroy the token.

So in order to destroy the token on the serverside you may use jwt-redis package instead of JWT

This library (jwt-redis) completely repeats the entire functionality of the library jsonwebtoken, with one important addition. Jwt-redis allows you to store the token label in redis to verify validity. The absence of a token label in redis makes the token not valid. To destroy the token in jwt-redis, there is a destroy method