Hi, we have a stateless application and we authorize the user using the JWT token. How do we force the logout without saving tokens that are already invalid after logout?
The information provided is not sufficient to provide a definitive answer, but if the initial end-user authentication process performed by the client application resulted in an authentication session being created at the identity provider (in this case the Auth0 service) then, if you haven’t done so already, you should check the reference documentation about logout.
I would like to add to this: I am in a similar situation where we are using Auth0 access tokens to authenticate the user for accessing our API.
My question is whether it is necessary to end the session at Auth0 too, having done that on the client and server side already.
As Auth0 doesn’t expire the token on logout, what’s the purpose of log out if the access token is still valid?
PS - I have read the document already.
We are not using Lock; instead, we are using our custom pages.