jwt-auth icon indicating copy to clipboard operation
jwt-auth copied to clipboard

Published 20 hours ago verified publisher icon tymondesigns

JWT:invalidate not working

Open rsmmukesh opened this issue 3 years ago • 10 comments

im trying to invalidate the token through the method invalidate but it is not working, im not getting the error "Token is blocklisted". I can call the below code multiple times , every time I get the user details

CODE ---------

         $token = JWTAuth::parseToken();             
         $user = $token->authenticate();
        JWTAuth::invalidate(JWTAuth::parseToken(),true);
        JWTAuth::invalidate(JWTAuth::getToken(),true);
        JWTAuth::invalidate();

SETTINGS ----------------- 'ttl' => env('JWT_TTL', null), 'refresh_ttl' => env('JWT_REFRESH_TTL', null), 'required_claims' => [ 'iss', 'iat', 'nbf', 'sub', 'jti' ], 'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true), 'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0),

Why invalidate not working ?

rsmmukesh avatar Dec 18 '20 05:12 rsmmukesh

I have the same problem. Does anyone know how to solve it!

TonyyJp avatar Dec 24 '20 08:12 TonyyJp

I temporarily fixed by setting CACHE_DRIVER=file in the .env file before it was "array".

rsmmukesh avatar Dec 30 '20 07:12 rsmmukesh

You can invalidate a specific token using this:

\JWTAuth::manager()->invalidate(new \Tymon\JWTAuth\Token($token->token), $forceForever = false);

RichieMcMullen avatar Jan 19 '21 17:01 RichieMcMullen

I have the same problem. I tried @RichieMcMullen solution but didn't worked for me.

I'm using Redis for cache.

After invalidate, my token is still working

vicenterusso avatar Feb 10 '21 15:02 vicenterusso

@vicenterusso

I assume you are replacing $token->token with the actual token or variable of your own ?

RichieMcMullen avatar Feb 10 '21 15:02 RichieMcMullen

@vicenterusso

I assume you are replacing $token->token with the actual token or variable of your own ?

That's correct. @rsmmukesh and others (in another issues) are suggesting to change the cache driver to file. It seems there is a problem with storage not being file based

vicenterusso avatar Feb 10 '21 16:02 vicenterusso

Yes, the environment that I'm currently using in regard to the cache driver is "file" and the invalidate method works fine for me. Maybe try changing your cache driver, as a means of debugging the issue.

RichieMcMullen avatar Feb 10 '21 16:02 RichieMcMullen

I tried a lot and didn't get the actual answer. Finally I had temporary fix with cache driver to file.. I hope there is issue with other cache drivers except file. Any team member should check and resolve it as soon as possible , it is a major issue...

rsmmukesh avatar Feb 10 '21 16:02 rsmmukesh

I have same problem, when I using JWTAuth::invalidate(true), return token is required, same the token existis on JWTAuth::getToken()

PHP 8.0 Laravel 8 :(

avlima avatar Sep 28 '21 20:09 avlima

@Anyone-still-complaining

JWT uses cache for blacklist, and that using Laravel's API (without directly accessing your cache-driver), hence you all should go and report issues to your cache-driver's developers (or even report in Laravel-repo, but not here).
see: stackoverflow.com/Which cache driver to use?

@rsmmukesh array is a temporary RAM storage, which's wiped out the moment request is responded ;-)
There is nothing to be fixed in JWT.

top-master avatar May 28 '22 19:05 top-master