I am deploying a Laravel backend app that is being used as an API service for a frontend app, and a lot of breaking changes were made to the latest version of the app. Is it possible to invalidate all the JWT tokens used for authentication, so that all users making requests from the APIs will have to re-authenticate?
NOTE: The tokens are not stored on the database.
I have tried
php artisan jwt:generate
php artisan config:clear
php artisan cache:clear
but the JWT tokens are still valid.
2 Answers
JWT tokens are signed using a secret key. By changing the secret key, all previously issued JWT tokens will become invalid. Run the following command:
This worked for me, let me know.
Here is what you should do to invalidate all the JWT tokens coming to the backend: since all the tokens are encoded and decoded based on the JWT secret, changing this token will require re-authentication of the user. Hope this resolves your issue.
If you are using the jwt-auth PHP package, then here is a command that might be helpful.
jwt-auth documentation for generating new JWT secret key.
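The point both answers make, as an added example (not code from either answer or from jwt-auth): a minimal HS256 sign/verify in plain PHP, showing that a token signed under the old secret is rejected once the verifier uses a new one. The function names, secrets and claims are constructed for illustration.

```php
<?php
// Added illustration of HS256 signing; not jwt-auth's implementation.
// All secrets and claims here are constructed sample values.

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_json(string $part): mixed
{
    return json_decode(base64_decode(strtr($part, '-_', '+/')), true);
}

function sign_token(array $claims, string $secret): string
{
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url(json_encode($claims));
    $sig     = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

// Returns the claims if the token is valid under $secret, otherwise null.
function verify_token(string $token, string $secret): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null; // malformed token
    }
    [$header, $payload, $sig] = $parts;
    $head = b64url_json($header);
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') {
        return null; // accept only the algorithm we sign with
    }
    $expected = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) {
        return null; // signature was not made with this secret
    }
    $claims = b64url_json($payload);
    return (is_array($claims) && ($claims['exp'] ?? 0) >= time()) ? $claims : null;
}

$oldSecret = bin2hex(random_bytes(32)); // secret in use before the deploy
$newSecret = bin2hex(random_bytes(32)); // freshly generated secret
$claims    = ['sub' => 'user-42', 'exp' => time() + 3600];
$oldToken  = sign_token($claims, $oldSecret);
$newToken  = sign_token($claims, $newSecret);

$show = fn (?array $c): string => $c === null ? 'rejected' : 'accepted';
echo 'old token, old secret: ', $show(verify_token($oldToken, $oldSecret)), "\n";
echo 'old token, new secret: ', $show(verify_token($oldToken, $newSecret)), "\n";
echo 'new token, new secret: ', $show(verify_token($newToken, $newSecret)), "\n";
```

Old tokens start failing only once the process that verifies them has actually loaded the new secret.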