learn hapi — Invalidate JWTs With Blacklists

JSON Web Token (JWT) authentication comes with a trade-off: the created token lives on the client side. You don’t need to store a token in your server-side database to make JWT authentication work in your application.

This is, at the same time, the largest benefit of JWT: your server can trust a verified JWT that is part of an incoming request and take data from the token payload without a database lookup.

A downside of this blind trust: you can’t simply revoke tokens to invalidate a JWT.

This is what you’ll implement with the help of this tutorial: JWT blacklisting to invalidate tokens using Redis.
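A sketch of the revocation check described above, added here as an example and not taken from this tutorial or from hapi: a token is accepted only if its signature verifies, it has not expired, and its `jti` is not on the blacklist. The `Denylist` class is an in-memory stand-in for Redis (an entry that lapses with the token corresponds to a Redis key set with a TTL); `SECRET`, `issue`, `verify` and `Denylist` are hypothetical names, and the HS256 code is hand-rolled only to keep the example self-contained.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed sample key, not from the tutorial
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input) => crypto.createHmac('sha256', SECRET).update(input).digest();

// Issue an HS256 token; a unique jti lets each token be revoked individually.
function issue(claims, now, lifetime) {
  const payload = { ...claims, jti: crypto.randomUUID(), iat: now, exp: now + lifetime };
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return { token: `${input}.${b64url(hmac(input))}`, payload };
}

// In-memory stand-in for Redis: add() ~ SET with a TTL, has() ~ EXISTS.
class Denylist {
  constructor() { this.entries = new Map(); }
  add(jti, exp, now) {
    // Only tokens that could still be accepted need an entry.
    if (exp > now) this.entries.set(jti, exp);
  }
  has(jti, now) {
    const exp = this.entries.get(jti);
    if (exp === undefined) return false;
    if (exp <= now) { this.entries.delete(jti); return false; } // lapsed, like an expired key
    return true;
  }
}

// Times are Unix seconds and passed in explicitly so the checks are deterministic.
function verify(token, denylist, now) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const expected = hmac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  // The algorithm is fixed to HS256; the header's alg value is never used to pick one.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  if (typeof payload.exp !== 'number' || payload.exp <= now) return { ok: false, reason: 'expired' };
  if (typeof payload.jti !== 'string') return { ok: false, reason: 'no jti' };
  if (denylist.has(payload.jti, now)) return { ok: false, reason: 'revoked' };
  return { ok: true, payload };
}
```

Because a blacklist entry is only needed until the token's own `exp`, the store never grows beyond the set of revoked tokens that are still within their lifetime.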
