Aerys•8mo ago

How Do I Ban Users & Invalidate Their JWT Tokens?

When a malicious user gets banned by an admin, I have to ensure he no longer can access protected routes, but that means I have to query the database every time checking a user's token, is there a more efficient method for invalidating tokens?

2 Replies

Nick•8mo ago

JWTs can’t be invalidated directly, they’re signed and verified offline by the server. So you’d have to maintain a ban-list in a key value store until after the JWT expires, or something similar

dylan•8mo ago

you can always store your tokens db side and invalidate them, that's how you can select which tokens to invalidate from which location/device on many apps

Move Fast & Break Nothing. End-to-end typesafe APIs made easy.

4.9KMembers

View on Discord

More Posts

useQuery first refetch returns undefinedHello. So, I'm trying to get an item by ID when the user clicks a button. I've searched around and f ❌ Failed to collect page data for api trpc [trpc] ❌I'm getting this error when I deploy to Vercel Framework: NEXTJS Anyone resolved this issue 🤔, HEL SSR with initialData throws errorI'm using SSR with Astro and have a client that looks like ```tsx export type TfdExampleGreet = Rou How to cache trpc server request next.js app routeris it the right way ctx.headers.set( "Cache-Control", "public, max-age=43200, stale-while The property '$request' in your router collides with a built-in methodHas anybody seen this error before? I cant make sense of it Trpc calls being uncessarily madeHi friends, i am relevatively new to TRPC so this could be somethign super basic. I have a component Get Name of All Query Routes or Mutation RoutesTypescript is pretty unhappy with my methods of doing this manually, so wondering if there are any o Losing Types in VSCodeI'm encountering a curious issue with type inference in my project and wondering if anyone else has