Adam Warski
Adam Warski
Is this on production? I see that you are using `InMemoryRefreshTokenStorage`, which is rather meant for tests, especially that it can cause race conditions with multiple concurrent HTTP requests. Plus...
Ah :) Would be good to know if the map maybe grows too big, causing pressure on the GC? Maybe you can see how much memory the app has and...
Can you paste the headers that you are sending to the server?
@NicholasMolenaar doesn't JWT require the `Bearer` prefix before the token? So the header would be: ``` Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InVzZXIiOnsiaWQiOjEsImVtYWlsIjoiZW5hYmxlQG1vbGVuYWFyLmlvIiwicGFzc3dvcmQiOiIkMmEkMTAkL3BNclY4bnlEV3VXY0cva3hTa1U5LjNXNTAxZG1hUzBRb0ZSeTJZNk5NSHF5Z29DSUkxWUciLCJhY3RpdmUiOnRydWV9fSwiZXhwIjoxNTA0ODAyMTU3fQ==.CsmHEuAIdxFDn9wDHzpnqX9WWiYsRPfSaSWzCNuTU30= ```
@milanvdmria which version, are you on latest?
If you are using the header transport, then invalidating the session responds with an empty `Set-Authorization` header, which is assumed to clear the client's storage. However that's of course up...
Yes. That's why sessions should always have an expiry date :) Optionally refreshed with the refresh token - which assumes external storage and "global" invalidation.
I'll keep this open to clarify the docs later :)
@kormoglaz so you are saying that the token is not removed from storage? That should happen ... maybe you can try with a copy of `InMemoryRefreshTokenStorage` and with some debugging...
Hello, the `schedule` method is used to schedule an action to be run in the background after the given amount of time. It is used to remove a used token...