
I'm trying to build a Laravel app that uses an API to get and update info. Some API routes should only be accessible to logged-in users.

I have implemented JWT, so on login a token is generated for the user and passed to JavaScript. Also, I removed expiration from the tokens to avoid a situation where a user can see the admin panel but the token is expired and he can't do anything.

So now I have a problem: if a user logs out and logs back in, he gets a new token, but the old token is still usable. How can I delete the JWT token for a given user?

user3743266
  • You can revoke tokens, and Laravel tracks the revoke status in the db. You may possibly be logging the user out without revoking tokens. Possible solution at https://stackoverflow.com/questions/42851676/how-to-invalidate-all-tokens-for-an-user-in-laravel-passport – Paul Jerome Bordallo Jul 02 '17 at 19:42
  • Sounds like you're doing things in a custom way - why complicate it when you can just use Laravel Passport? – Ohgodwhy Jul 02 '17 at 19:57
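
One way to make an old token stop working after logout, as an added example that is not part of the original question or comments. It is plain PHP and uses no Laravel or Passport API; `SECRET`, `token_version`, `issue_token`, `verify_token` and the 15-minute lifetime are assumptions. Each token carries the user's current version, and logout increments that version so earlier tokens fail verification.

```php
<?php
// Added example: per-user token version for server-side JWT revocation.
// Hypothetical names: SECRET, token_version, issue_token, verify_token.
const SECRET = 'constructed-demo-secret';

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

function issue_token(array $user, int $ttl = 900): string {
    $header = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $claims = b64url(json_encode([
        'sub' => $user['id'],
        'ver' => $user['token_version'],   // version at time of issue
        'exp' => time() + $ttl,            // assumed 15-minute lifetime
    ]));
    $sig = b64url(hash_hmac('sha256', "$header.$claims", SECRET, true));
    return "$header.$claims.$sig";
}

function verify_token(string $jwt, array $users): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$header, $claims, $sig] = $parts;
    // Check the signature before trusting any claim (constant-time compare).
    $expected = b64url(hash_hmac('sha256', "$header.$claims", SECRET, true));
    if (!hash_equals($expected, $sig)) return null;
    $c = json_decode(b64url_decode($claims), true);
    if (!is_array($c) || !isset($c['sub'], $c['ver'], $c['exp'])) return null;
    if (!is_int($c['sub']) || $c['exp'] < time()) return null;
    $user = $users[$c['sub']] ?? null;
    // A token issued before the last logout carries a stale version.
    if ($user === null || $user['token_version'] !== $c['ver']) return null;
    return $user;
}

// Constructed sample data standing in for a users table.
$users = [7 => ['id' => 7, 'token_version' => 1]];
$old = issue_token($users[7]);
echo 'old token before logout: ', verify_token($old, $users) ? 'accepted' : 'rejected', PHP_EOL;
$users[7]['token_version']++;            // logout: invalidate earlier tokens
$new = issue_token($users[7]);
echo 'old token after logout:  ', verify_token($old, $users) ? 'accepted' : 'rejected', PHP_EOL;
echo 'new token after login:   ', verify_token($new, $users) ? 'accepted' : 'rejected', PHP_EOL;
```

The version check costs one user lookup per request, which an authenticated route usually performs anyway; a per-token denylist keyed on a `jti` claim is the alternative when only a single session should be revoked.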

0 Answers