Invalidating JSON Web Tokens

夕颜 2020-11-22 06:17

For a new node.js project I'm working on, I'm thinking about switching over from a cookie based session approach (by this, I mean, storing an id to a key-value store conta

28 answers
  •  南旧 (original poster)
    2020-11-22 07:05

    IAM solutions like Keycloak (which I have worked on) provide a Token Revocation endpoint like

    Token Revocation Endpoint /realms/{realm-name}/protocol/openid-connect/revoke

    Or if you simply want to log out a user agent (or user), you could call an endpoint as well (this would simply invalidate the tokens). Again, in the case of Keycloak, the Relying Party just needs to call the endpoint

    /realms/{realm-name}/protocol/openid-connect/logout

    Link in case you want to learn more
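
An added example (not part of the answer above and not Keycloak's own code): a Node.js helper that builds and sends an RFC 7009 revocation request to the revoke endpoint quoted in the answer. The function names, host, realm and client credentials are assumptions, and it assumes a confidential client that authenticates with client_id and client_secret in the form body.

```javascript
// Added example. revocationRequest/revokeToken and all sample values are
// hypothetical names and constructed data, not taken from the page.
const REVOKE_PATH = '/protocol/openid-connect/revoke'; // path quoted in the answer

// Build the RFC 7009 request: a form-encoded POST carrying the token to revoke.
function revocationRequest({ baseUrl, realm, clientId, clientSecret, token, hint = 'refresh_token' }) {
  // The token and client secret travel in the body, so refuse plain HTTP.
  if (!/^https:\/\//i.test(baseUrl)) {
    throw new Error('revocation endpoint must use https');
  }
  if (!['access_token', 'refresh_token'].includes(hint)) {
    throw new Error('token_type_hint must be access_token or refresh_token');
  }
  if (!token) throw new Error('no token to revoke');
  const root = baseUrl.replace(/\/+$/, '');
  return {
    url: `${root}/realms/${encodeURIComponent(realm)}${REVOKE_PATH}`,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({
        client_id: clientId,
        client_secret: clientSecret,
        token,
        token_type_hint: hint,
      }).toString(),
    },
  };
}

// Send the request. RFC 7009 returns 200 even when the token was already
// invalid or unknown, so any other status is treated as a failure.
// fetchImpl is injectable for tests; the global fetch needs Node 18 or later.
async function revokeToken(params, fetchImpl = fetch) {
  const { url, init } = revocationRequest(params);
  const res = await fetchImpl(url, init);
  if (res.status !== 200) {
    throw new Error(`revocation failed: HTTP ${res.status}`); // never log the token itself
  }
  return true;
}

// Constructed sample input (placeholder host, realm and credentials).
const SAMPLE = { baseUrl: 'https://sso.example.test/', realm: 'demo',
  clientId: 'web-app', clientSecret: 's3cr3t', token: 'abc.def.ghi' };
console.log(revocationRequest(SAMPLE).url);
```

Revoking at the authorization server does not reach resource servers that only verify the JWT signature locally; those keep accepting an access token until its `exp` unless they also check token status with the server or the token lifetime is kept short.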
