I am using the jwt-redis library to generate and destroy JWT tokens.

I need to destroy the JWT token from the server side when the user logs out so that the token is not misused.
Below is the code I am using to generate and destroy the token:

    const redis = require("redis");
    const JWTR = require("jwt-redis").default;

    const generateJWTToken = async (data) => {
      const redisClient = redis.createClient();
      await redisClient.connect();
      const jwtr = new JWTR(redisClient);

      const token = await jwtr.sign(data, process.env.JWT_KEY);
      return token;
    };

    const verifyJWTToken = async (token) => {
      const redisClient = redis.createClient();
      await redisClient.connect();
      const jwtr = new JWTR(redisClient);

      const data = await jwtr.verify(token, process.env.JWT_KEY);
      return data;
    };

    const destroyJWTToken = async (token) => {
      const redisClient = redis.createClient();
      await redisClient.connect();
      const jwtr = new JWTR(redisClient);
      await jwtr.destroy(token, process.env.JWT_KEY);
    };

Even after destroying the token, when I call the verifyJWTToken method, it returns the data that was signed with the token.

After destroying the token, it should not return signed data.

What am I doing wrong here?

Any new techniques to destroy a JWT token from a Node server are also appreciated!

2 Answers

  1. jwtr.destroy returns a promise, so try

    await jwtr.destroy(token.jti, process.env.JWT_KEY);
    
  2. Just use the following code snippet for destroying tokens when you are using jwt-redis, because the jwt-redis npm documentation itself said that you can destroy tokens only using the jti. Please refer to https://www.npmjs.com/package/jwt-redis, the create jti & destroy token method.

    await jwtr.destroy(token.jti);
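
Both answers above point at the jti claim. The following is an added example, not part of the original thread and not jwt-redis's own code: a minimal in-memory model of jti-keyed revocation, where a Map stands in for Redis and the names sign, verify, destroy and logout are hypothetical. It shows that handing the token string to destroy removes nothing, while reading jti from the verified payload revokes the token.

```javascript
const crypto = require("crypto");

// Assumption: this Map stands in for the Redis key space (jti -> registered).
const live = new Map();

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const mac = (input, secret) =>
  crypto.createHmac("sha256", secret).update(input).digest("base64url");

// Sign an HS256 token, generating a jti when the payload carries none.
function sign(payload, secret) {
  const body = { jti: crypto.randomUUID(), ...payload };
  const input = `${b64({ alg: "HS256", typ: "JWT" })}.${b64(body)}`;
  live.set(body.jti, true);
  return `${input}.${mac(input, secret)}`;
}

// Check the signature first, then require that the jti is still registered.
function verify(token, secret) {
  const [h, p, sig] = token.split(".");
  const expected = Buffer.from(mac(`${h}.${p}`, secret));
  const given = Buffer.from(sig || "");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("invalid signature");
  }
  const body = JSON.parse(Buffer.from(p, "base64url").toString());
  if (!live.has(body.jti)) throw new Error("token destroyed");
  return body;
}

// Revocation is keyed by jti; returns false when no entry matched.
const destroy = (jti) => live.delete(jti);

// Logout: verify the token, then revoke by the jti taken from its payload.
function logout(token, secret) {
  const { jti } = verify(token, secret);
  return destroy(jti);
}

// Constructed demo values.
const demo = sign({ user: "demo" }, "demo-secret");
console.log(destroy(demo));               // the raw token string is not a key
console.log(logout(demo, "demo-secret")); // revokes via the payload's jti
```

With jwt-redis itself, the equivalent logout step is to take the payload returned by `jwtr.verify(token, secret)` and pass its `jti` to `jwtr.destroy`.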