learn hapi — How to Revoke a JWT

JSON Web Tokens (JWTs) are a convenient way to authenticate users on your platform.

The simplest version of handling JWT authentication looks like this: you create a token by signing it with a secret key that is known only to your application. Once it is created, you send the compact form of the token to the client. In this setup, you might not store anything in the backend.

Well, you can guess that passing all security concerns to a token that lives on the client is not an appropriate approach to building secure applications.

That’s why we’ll look at four different ways to revoke JWTs and also explore why revoking tokens is a must-have, not a nice-to-have.
