stackoom
  简体   繁体   中英

How revoke a JWT in Web API C#?

 原文  2019-08-24 01:26:37       c#/ jwt/ jwt-auth

Question

I have a web API in C # (no core) to which I integrated JWT, so there is no problem, now, I would like to know how to revoke a JWT that currently exists, delete it before it expires.

That is, my JWT lasts a total of 20 minutes, but when I close the session, in my APPS I delete that JWT so that they can no longer use it, but in the API, that JWT remains active until it expires for time, how can I delete or expire that JWT in my API?

1 answers

solution1
 0  2019-08-24 04:29:12

So basically you want to make inactive just one Jwt token issued by your Api while rest of them are still active. You can't do this straightaway.

Most feasible solution would be to,

Have a smaller lifespan for the Jwt tokens. Then you have to implement refresh token logic as well. If already in place you are good. Now if you want to inactive the token for specific user you can remove the refresh token from the back end. Then the next time user try to refresh, it fails. But still he can access the system until the issued Jwt expires. So make it's lifespan small such as 1 or 2 minutes so that the impact is low.

Cheers,

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Revoke JWT using C# How can I encrypt JWT Token in Web Api C#? How to Validate Token JWT Token that it comes from the same User in Web API C# C# - How to add user claims/roles from JWT on Web API 2 How does the sliding expiration work in Web API 2 C# using the Jwt How to use JWT JSON Web Tokens in C# AspNetCore Websites? How to create a JWT token with custom JSON claims in Payload using .Net (C#) in Asp.NET Core WEB API DocuSign Jwt Login issue c# api Invalid JWT token in a simple C# API How to design parallel web api in c#?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM