Detect stale access token at the API end

Hi

Even after logout at the React client end (logout() from auth0), my node server is still accepting Access tokens (I'm checking token expiry and verifying the signature):

if (decodedJwt.payload.exp < currentTime || decodedJwt.payload.iat > currentTime) return 403;

// 'algorithms' expects an array; note that reading alg from the (unverified) header lets the token choose it
jwt.verify(jwtoken, signingKey, { algorithms: [decodedJwt.header.alg] }, (error) => {
  if (error) return 403; // only reject when verification actually fails
});

So how can I detect that token in request is stale or flushed/blocked by auth0?

Thanks

Hi @ritiwari369,

In the context of Auth0, JWT access tokens are stateless and aren’t “revoked” when a user logs out. If a token is not expired and has the correct claims, it is valid.

For this scenario, I would recommend using short-lived tokens that expire more quickly. Access Tokens
