Discussion

Tosin Moronfolu

Making things work on the Web!

Mar 8, 2021

How to invalidate a JWT using a blacklist

This article is going to show you how to invalidate JWTs using the token blacklist method. The token blacklist method is used when creating a logout system. This is one of the ways of invalidating JWTs on logout request. One of the main properties of...

dev-insights.hashnode.dev9 min read

#javascript #jwt #web-development #nodejs #authentication

Responses(1)

JP

José Pablo Ramírez Vargas

Senior Software Developer @ Intel

Saving JWT's in any medium is a security risk. The blacklist method needs to be stopped.

The most straightforward example one can give:

Hacker gains access to your database.
Hacker reads all invalidated tokens in the blacklist.
Hacker clears the blacklist. Now all blacklisted tokens are back to Active and Good state.
Hacker does bad things with the stolen, previously-blacklisted-but-not-anymore, list of tokens.

Dec 11, 2022

Recent in Forum

View all threads

Search Hashnode

How to invalidate a JWT using a blacklist

Responses(1)

Recent in Forum