We want to restrict users from logging in on different devices. So if any logged-in user logs into another device, we want to expire the previous token. So is there any way we can expire previously issued JWT tokens?

Kenny
  • In a nutshell, you can't edit the expiry date/time of a JWT token. Once issued, it expires at its set time. To prevent logging in from multiple devices, you will have to go along the lines of maybe blacklisting previous tokens for the same user in, say, your database. This obviously comes with many issues, like what if I copy the token to another device. But depending on your application, this might not be relevant. – Gerald Chifanzwa Oct 25 '18 at 14:04
  • But we don't save the JWT tokens to the database. We need to then save all tokens issued in the database and check for every API call. – Kenny Oct 25 '18 at 15:37
  • JWT is stateless and you could not expire the previous token. For your requirement, you may try to store the JWT tokens which contain the client identifier like deviceid or IP in the database, and then check the JWT token for every call. – Edward Oct 26 '18 at 02:09
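
One way to implement the per-call check the comments describe, as an added example (not code from the thread): the server stores only the ID (`jti`) of each user's most recent token instead of whole tokens, so a new login invalidates the token held by the earlier device. The `dev` claim, the in-memory `ACTIVE_JTI` store, the demo key and the function names are assumptions, and a hand-rolled HS256 signer stands in for a JWT library to keep the example self-contained.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"  # assumption: HS256 with a server-side secret
ACTIVE_JTI = {}                   # user -> jti of the only valid token (DB table or Redis in practice)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def login(user: str, device_id: str, ttl: int = 900, now=None) -> str:
    """Issue a token and make it the user's only valid one."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "dev": device_id, "jti": secrets.token_urlsafe(16),
              "iat": now, "exp": now + ttl}
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    ACTIVE_JTI[user] = claims["jti"]  # overwriting revokes the previous device's token
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def logout(user: str) -> None:
    ACTIVE_JTI.pop(user, None)        # no active jti means every old token is rejected

def authenticate(token: str, now=None):
    """Return the claims if the token is genuine, unexpired and current; else None."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        # Verify the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig, _sign(f"{header}.{body}")):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
        if claims["exp"] <= now:
            return None
        # The stateful step: one lookup per API call against the stored jti.
        if not hmac.compare_digest(ACTIVE_JTI.get(claims["sub"], ""), claims["jti"]):
            return None
    except (ValueError, KeyError, TypeError):
        return None
    return claims
```

The lookup costs one keyed read per request, and a short `exp` keeps the store small because entries for expired tokens can be dropped.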

0 Answers