JWT token is not destroyed after calling destroy method

Issue

I am using the jwt-redis library to generate and destroy JWT tokens.

I need to destroy the JWT token on the server side when the user logs out so that the token is not misused.
Below is the code I am using to generate and destroy token:

const redis = require("redis");
const JWTR = require("jwt-redis").default;
const generateJWTToken = async (data) => {
  const redisClient = redis.createClient();
  await redisClient.connect();
  const jwtr = new JWTR(redisClient);

  const token = await jwtr.sign(data, process.env.JWT_KEY);
  return token;
};

const verifyJWTToken = async (token) => {
  const redisClient = redis.createClient();
  await redisClient.connect();
  const jwtr = new JWTR(redisClient);

  const data = await jwtr.verify(token, process.env.JWT_KEY);
  return data;
};

const destroyJWTToken = async (token) => {
  const redisClient = redis.createClient();
  await redisClient.connect();
  const jwtr = new JWTR(redisClient);
  await jwtr.destroy(token, process.env.JWT_KEY);
};

Even after destroying the token, when I call the verifyJWTToken method, it returns the data that was signed with the token.

After destroying the token, it should not return signed data.

What am I doing wrong here?

Any new techniques to destroy a JWT token from a Node server are also appreciated!

Solution

jwtr.destroy returns a promise, so try

await jwtr.destroy(token.jti, process.env.JWT_KEY);

Answered By – sms

This answer, collected from Stack Overflow, is licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
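
Why the value passed to destroy matters, as an added example that is not part of the original question or answer and is not jwt-redis's own code: a simplified model in which the server-side record is keyed by the token's jti claim (an assumption, consistent with the answer passing a jti). A Map stands in for Redis, and every function name and sample value here is hypothetical.

```javascript
// Added example: simplified model of jti-keyed revocation, not jwt-redis's code.
// Assumptions: a Map stands in for Redis; HS256 only; all names are hypothetical.
const crypto = require("crypto");

const live = new Map(); // jti -> exp (epoch seconds); a missing key means destroyed

const b64u = (s) => Buffer.from(s).toString("base64url");
const unb64u = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const mac = (input, secret) =>
  crypto.createHmac("sha256", secret).update(input).digest();

function sign(payload, secret, ttlSec = 900) {
  const now = Math.floor(Date.now() / 1000);
  const claims = { ...payload, jti: crypto.randomUUID(), iat: now, exp: now + ttlSec };
  const input = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" })) +
    "." + b64u(JSON.stringify(claims));
  live.set(claims.jti, claims.exp); // server-side record, keyed by jti
  return input + "." + mac(input, secret).toString("base64url");
}

function verify(token, secret) {
  const [h, p, sig, extra] = String(token).split(".");
  if (!h || !p || !sig || extra !== undefined) throw new Error("malformed token");
  if (unb64u(h).alg !== "HS256") throw new Error("unexpected alg");
  const given = Buffer.from(sig, "base64url");
  const expected = mac(h + "." + p, secret);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");
  const claims = unb64u(p);
  if (claims.exp <= Math.floor(Date.now() / 1000)) throw new Error("expired");
  if (!live.has(claims.jti)) throw new Error("destroyed"); // the revocation check
  return claims;
}

// Deletes by store key. The key is the jti claim, never the encoded token string.
const destroy = (jti) => live.delete(jti);

// Constructed demo values: logout with the wrong key, then with the right one.
function demo() {
  const secret = "constructed-demo-secret";
  const token = sign({ sub: "user-1" }, secret);
  const wrong = destroy(token); // whole token: no such key, nothing removed
  const stillValid = verify(token, secret).sub === "user-1";
  const right = destroy(verify(token, secret).jti); // jti from the verified claims
  let rejected = false;
  try { verify(token, secret); } catch (e) { rejected = e.message === "destroyed"; }
  return { wrong, stillValid, right, rejected };
}
```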
