Detect stale access token at the API end

ritiwari369 · November 14, 2022, 7:23am

Hi

Even after logout at REACT client end (logout() from auth0), my node server is still accepting Access tokens (I’m checking token expiry and verfying sign):-

if (decodedJwt.payload.exp < currentTime ||   decodedJwt.payload.iat > currentTime) return 403;

jwt.verify(jwtoken, signingKey, {'algorithms': decodedJwt.header.alg}, (error) => { return 403; }

So how can I detect that token in request is stale or flushed/blocked by auth0?

Thanks

dan.woda · November 28, 2022, 5:35pm

Hi @ritiwari369,

In the context of Auth0, JWT access tokens are stateless and aren’t “revoked” when a user logs out. If a token is not expired and has the correct claims, it is valid.

For this scenario, I would recommend using short-lived tokens that expire more quickly. Access Tokens

system · December 12, 2022, 5:36pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Regularly refresh Auth0 token in auth0-spa-js Help auth0-spa-js	0	1555	October 31, 2022
Auth0 API to check if the auth token is valid (not expired or revoked) Help jwt , api	3	4746	August 31, 2021
M2M Token renewal Help jwt , auth0 , nodejs	10	6936	March 27, 2020
Checking token validity/expiry Help id_token , access-token	8	30656	August 16, 2019
Invalid access token returned when using refresh token Help sessions , rotating-refresh-tokens	1	28	October 7, 2024

Detect stale access token at the API end

Related topics