Hi , how do i logout a user ? i am using graphql -...
# orm-help
s
Hi, how do I log out a user? I am using the graphql-yoga fullstack boilerplate & Prisma on a local cluster. I can register and log in, but I can't log out. How do I implement logout? Can anyone help me? Any keyword or any example, so I can google myself, or any hints? Thanks
j
When you login are you storing a token? Do you have any concept in your schema or an expiration?
My recommendation would be to expire the token or clear it from your storage
s
yes i am storing the token
but how to clear or expire it? I couldn't find anything when I googled it 😞
j
@Sim is it a JWT token?
How are you creating it?
s
@jjaybrown98 this is how it signs up:

```javascript
// bcrypt and jwt (jsonwebtoken) are assumed to be imported at the top of the resolver file
async signup(parent, args, ctx, info) {
  // hash the plaintext password before storing the user
  const password = await bcrypt.hash(args.password, 10)
  const user = await ctx.db.mutation.createUser({
    data: { ...args, password },
  })
  return {
    // token carries only the user id, signed with the app secret
    token: jwt.sign({ userId: user.id }, process.env.APP_SECRET),
    user,
  }
}
```
and this is how it logs in:

```javascript
// bcrypt and jwt (jsonwebtoken) are assumed to be imported at the top of the resolver file
async login(parent, { email, password }, ctx, info) {
  const user = await ctx.db.query.user({ where: { email } })
  if (!user) {
    throw new Error(`No such user found for email: ${email}`)
  }
  // compare the submitted password against the stored hash
  const valid = await bcrypt.compare(password, user.password)
  if (!valid) {
    throw new Error('Invalid password')
  }
  // console.log(info)
  return {
    token: jwt.sign({ userId: user.id }, process.env.APP_SECRET),
    user,
  }
}
```
I think I need to clear the token from the client end?
and update the UI so that it is no longer logged in
but from a security point of view, is it safe to do it like this?
j
You should add an iss claim to your JWT token, which you can use to determine if it's expired naturally, and yes, you can clear the token locally on the UI.
If you wanted to check token validity, you would need to store the generated token and create a new query/mutation like logout(token: String!) which would remove the token, and the success of that could be used to trigger the UI token to be cleared.
s
You mean: store it in the user table along with the user
and on logout clear it from there?
I think I need to read the validation part too