JSON Web Token (JWT) & invalidation

"... a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with HMAC algorithm) or a public/private key pair using RSA"
https://auth0.com/learn/json-web-tokens/

Invalidate JWTs
"Let’s say a user has logged out, how do we make sure the token cannot be used anymore?"
https://blog.indrek.io/articles/invalidate-jwt/

Search This Blog

jlinks

JSON Web Token (JWT) & invalidation