learn hapi — JWT Logout (Part 1/2)

There are different approaches to authenticating users in web applications or APIs. Invalidating a user’s server-side session or an authentication-related cookie is fully under your control. With JSON web tokens (JWTs), you need to extend your platform with custom logout handling that invalidates an active JWT.

Because there’s no straightforward way to log out users with JWTs, we’ll look at two different approaches. The first is a “soft logout” that invalidates only the long-lived refresh token and not the short-lived JWT itself.

The second is a “hard logout” that immediately invalidates both the JWT and the refresh token. This functionality is part of a second tutorial.

Within this tutorial, you’ll focus on the “soft” JWT logout.
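
The soft logout described above, as an added example that is not part of the original tutorial or of hapi itself: it shows that deleting the refresh token blocks renewal while the already issued JWT keeps verifying until its `exp`. The in-memory `Map` store, the 5-minute lifetime and all function names are assumptions made for illustration.

```javascript
// Added example: soft logout with an HS256 access JWT and an opaque refresh token.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);   // demo signing key, generated per run
const ACCESS_TTL = 300;                  // assumed: short-lived JWT, 5 minutes
const refreshTokens = new Map();         // assumed store: sha256(token) -> userId

const b64 = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');
const digest = (t) => crypto.createHash('sha256').update(t).digest('hex');

function issueAccessToken(userId, now) {
  const head = b64(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64(JSON.stringify({ sub: userId, iat: now, exp: now + ACCESS_TTL }));
  return `${head}.${body}.${hmac(`${head}.${body}`)}`;
}

function verifyAccessToken(token, now) {
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) return null;
  const expected = Buffer.from(hmac(`${head}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > now ? claims : null; // stateless check: logout cannot reach it
}

function login(userId, now) {
  const refreshToken = crypto.randomBytes(32).toString('base64url');
  refreshTokens.set(digest(refreshToken), userId); // store only the hash of the token
  return { accessToken: issueAccessToken(userId, now), refreshToken };
}

function refresh(refreshToken, now) {
  const userId = refreshTokens.get(digest(refreshToken));
  return userId ? issueAccessToken(userId, now) : null;
}

// Soft logout: drop the refresh token only; the JWT stays valid until its exp.
function softLogout(refreshToken) {
  return refreshTokens.delete(digest(refreshToken));
}
```

The exposure window after a soft logout equals the remaining lifetime of the access JWT, so the shorter `ACCESS_TTL` is, the closer a soft logout comes to an immediate one.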
