I
I
Islam Dortkuliev2019-05-01 10:46:13
JSON Web Token
Islam Dortkuliev, 2019-05-01 10:46:13

ASP.NET Core. JWT. How to revoke a token?

Hello. I am writing an application in ASP.NET Core. Did everything as in this article: ASP.NET Core | JWT tokens .
Created a method for changing the password. Now a question. After changing the password, I need to invalidate the token. Or update it. How can i do this? Because need to log out from all devices.
I'm not very familiar with JWTs. I will be glad to hear your answers.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
P
Peter, 2019-05-01
@petermzg

1. There is no password in the token, for this reason, why update it?
2. The token contains (optionally) the jti field, which is your unique identifier for this token (JWT ID). On the server side, you can create a list of such identifiers and define actions for requests that come with a token that has a given ID. The lifetime of this list must be longer than the validity of the given token.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question