You need to keep a blacklist of tokens if you want to stop them from being used
TremalJack
03/01/2022, 10:26 AM
How can you do it if the JWTs are not stored in the Supabase DB?
TremalJack
03/01/2022, 10:29 AM
The only parameters I see as useful to realize a Revoke JWT functionality are:
UUID
Date
The scenarios are:
I need to revoke the JWT of a specific user
I need to revoke all JWTs generated before a date
The Supabase DB stores only refresh tokens, so given this fact, the only way to do this is:
Make a table where I set the "Blacklist" parameters, so UUID / Date
At connection, decode the JWT and check the UUID / IAT
TremalJack
03/01/2022, 10:31 AM
(Sorry for my English.) If someone sees other ways to realize it, or knows where the JWTs are stored, I will be happy to know 🙂
DanMossa
03/01/2022, 3:45 PM
You can store the JWT, no? Like, once it's authed you can insert it into a table.
TremalJack
03/01/2022, 7:54 PM
Yes, of course, but in a project that is already up... it can't be done. I mean, this kind of implementation will block only the stored JWTs; the previous ones will still work.