https://supabase.com/ logo
#help
Title
# help
d

DanMossa

02/28/2022, 11:21 PM
You need to keep a blacklist of tokens if you want to stop them from being used
t

TremalJack

03/01/2022, 10:26 AM
how u can do it if the JWT are not stored on supabase DB?
the only parameters I see usefull to realize a Revoke JWT Functionality are: UUID Date the scenarios are: I need revoke the JWT of a specific user I need revoke all JWT are generated before a date The supabase DB store only refresh token, so looking this fact, the only way to make this is: Make a table where I set the parameters of "Blacklist" so UUID / Date At the connection decode the JWT and check the UUID / IAT
(sorry for my english) if someone see other ways to realize it, or know where are stored the JWT, I will be happy to know it 🙂
d

DanMossa

03/01/2022, 3:45 PM
You can store the JWT no? Like once it's authed you can insert it into a table.
t

TremalJack

03/01/2022, 7:54 PM
yes of course but in a project already up... can't be done, I mean this kind of implementation will block only the JWT stored the previous will be still work
d

DanMossa

03/01/2022, 7:56 PM
Ah I understand.