The previous tutorials on basic JWT logout and immediate JWT logout focused on the functionality to invalidate tokens. They didn’t focus on project architecture, clean code, or where to apply actions. That’s what you’ll change in this tutorial: refactor your code to find a better place to …
Continue Reading
The first tutorial on JWT logout shows you a basic logout when using JSON web token (JWT). The downside of this logout is that users can authenticate requests for the remaining JWT lifetime. Only the refresh token is revoked. In contrast to the first tutorial, you’ll now implement a …
Continue Reading
Authenticating users in web applications or APIs has different approaches. Invalidating a user’s server-side session or an authentication-related cookie is in your full control. With JSON web tokens (JWTs), you need to extend your platform with a custom logout handling ensuring to invalidate an active JWT. Because there’s …
Continue Reading
JSON Web Token (JWT) authentication comes with a trade-off: the created token lives on client side. You don’t need to store a token in your server-side database to make JWT authentication work in your application. This is —simultaneously— the largest benefit of JWT: your server can trust a verified …
Continue ReadingJSON web tokens (JWT) are a convenient way to authenticate users on your platform. The simplest version of handling JWT authentication looks like this: creating a token by signing it with a secret key that is only known to your application. Once created, you send off the compact form of …
Continue Reading
When using JSON web tokens in your application, you’ll find JWT related implementations in different places. For example, creating a new JWT is part of a login route handler. Authenticating an incoming JWT takes place in an authentication strategy. Refreshing a JWT, JWT logout, or token blacklisting are use …
Continue Reading
Security must be a major concern in every application. You should assign rigid security rules for your authentication-related API endpoints. The mini-series “building a rate limiter” here on Future Studio goes through the implementation of a rate limiter. If you didn’t code along in the series, you can grab …
Continue Reading
You implemented refresh token handling for multiple devices in the previous tutorial. The core of that implementation lives in the route handler which assigns the route handler for the refresh token three tasks: find an active refresh token for the incoming input invalidate the incoming refresh token create a new …
Continue ReadingFind interesting tutorials and solutions for your problems.