skip to Main Content

I am deploying a Laravel backend app that is being used as an API service for a frontend app, and a lot of breaking changes were made to the laest version of the app, is it possible to invalidate all the jwt tokens used for athentication so all users making requests from the APIs will have to re-authenticate.

NOTE: The tokens are not stored on the database

I have tried

php artisan jwt:generate
php artisan config:clear
php artisan cache:clear
but still the jwt tokens are still valid.

2

Answers


  1. JWT tokens are signed using a secret key. By changing the secret key, all previously issued JWT tokens will become invalid. Run the following command:

    php artisan jwt:secret
    

    This worked for me, let me know.

    Login or Signup to reply.
  2. Here is what you should do to invalidate all the JWT tokens coming to the backend since all the tokens are encoded and decoded based on the JWT secret changing this token will require re-authentication of the user. Hope this resolves your issue.

    If you are using jwt-auth php package then here is a command that might be helpful.

    php artisan jwt:secret
    

    jwt-auth documentation for generating new JWT secret key.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search