I have make a token in PyJWT like this:
import jwt
import datetime
payload = {
"id": 1,
"exp": datetime.datetime.utcnow() + datetime.timedelta(minutes=1000),
"iat": datetime.datetime.utcnow()
}
token = jwt.encode(payload, 'secret', algorithm='HS256')
And sent to front and also retrive my payload like this:
payload = jwt.decode(token, 'secret', algorithms=['HS256'])
And now i want to destroy token in server and logout. How to do this?
So i found the solution. JWT tokens are not destroyable. And best way for us to do is make a table in our database like blacklist and add dead tokens ito it when call logout method.
And then when try to check user token validation just check that table and if the token exist, you should not accept user and return User Not Authenticated.
Be successful