Detect stale access token at the API end


Even after logout at REACT client end (logout() from auth0), my node server is still accepting Access tokens (I’m checking token expiry and verfying sign):-

if (decodedJwt.payload.exp < currentTime ||   decodedJwt.payload.iat > currentTime) return 403;
jwt.verify(jwtoken, signingKey, {'algorithms': decodedJwt.header.alg}, (error) => { return 403; }

So how can I detect that token in request is stale or flushed/blocked by auth0?


Hi @ritiwari369,

In the context of Auth0, JWT access tokens are stateless and aren’t “revoked” when a user logs out. If a token is not expired and has the correct claims, it is valid.

For this scenario, I would recommend using short-lived tokens that expire more quickly. Access Tokens