Comments (7)
@laoshanxi
Short answer: You cant, thats not something jwt was designed for.
Long answer:
You could keep a database of revoked tokens and check against that (something like memcached/redis). However that kind of kills the main benefit of jwt, which is to allow for nothing shared architectures.
from jwt-cpp.
Could you not do
const auto now = std::chrono::system_clock::now();
auto token = jwt::create()
.set_issuer("auth0")
.set_issued_at(now)
.set_expires_at(now /* minus one ??? */)
.sign(jwt::algorithm::hs256{"secret"});
from jwt-cpp.
Thanks @Thalhammer ,
For client side, the simple solution can be clear the token memory in client side, the client have no token can not login again.
For safe service side, server should hold the none-expired token which has been logged out。
from jwt-cpp.
Yeah normally you just wipe it from memory on the client side. Most jwt based apps dont really do a
"logout" feature. Instead the common approach is to use short lived tokens (like 30min or an hour) and on "logout" you just wipe all info from the client and let the token expire. While the client is still online you can just periodically refresh the token. That also gives you sort of an auto logout.
from jwt-cpp.
Yes, periodic refresh token seems good (if do not consider performance cost), use old none-expired token to renew a token.
from jwt-cpp.
Refreshing the token every 30 or so minutes should not have a notable performance impact. Make sure you renew your token soon enough, so you still have enough time to do (and possibily retry) the request. You can parse the token and get the exp value in JS to calculate when to refresh it.
from jwt-cpp.
Got it, thanks for the explaination.
from jwt-cpp.
Related Issues (20)
- Create a test for the undefined sanitizer
- HMAC key should be an array of bytes, not a character string HOT 9
- x86/Win32 compilation and using boost json HOT 2
- Private Key Signing vs Signing from Service Account file HOT 5
- undefined reference error in compiling HOT 9
- what secret format should i use for HS512 algorithm HOT 1
- Release status of 0.7.0-rc.0 HOT 3
- Guide to Setting Up jwt-cpp? HOT 4
- Building example: no matching function for call to ‘decode(std::string&)’ HOT 1
- Compilation error: no matching function for call to ‘decode(std::string&)’ HOT 2
- Build Errors For picojson.h? HOT 8
- Getting Error - namespace "jwt" has no member "claims" HOT 6
- Unable to generate token using ed25519 HOT 2
- Use of Builder explicitly
- Need help : How to Implement JWT Operations from Python Using jwt-cpp ? HOT 5
- How to use payload and get the payload data HOT 7
- Boost JSON traits kind of buggy HOT 5
- How to verify a jwt HOT 3
- Invalid input: not within alphabet HOT 6
- Locking in libcrypto in multi threaded app HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt-cpp.