Tags: spring, spring-boot, spring-security, jwt, spring-oauth2

How to implement a logout feature using JWT tokens in a Spring Boot backend (using REST endpoints)


I am new to Spring Security and I was going through Spring Boot JWT and the process, but I don't know how to use the logout feature with JWT. For example, when a user clicks logout, after that time we should not be able to access the secured REST endpoints using that token.

Now what I want is an implementation of logout functionality using JWT (Spring Boot REST API) as it is used in real-time projects, and the code for it.

Please, if anyone can provide me the GitHub link to the solution,

or can send me the code at

[email protected]

and anything related to the latest real-time Spring Security projects (backend) and also OAuth2 material, please send it to me. I need this.

Thanks.


Solution

  • On logout, you can perform the following actions:

    Remove the token from the client

    You can remove the token from the client (local storage, session/cookie). Note that this will not prevent client access, as you are removing it only on the client side; for the server it is still a valid token.

    Maintain a token blacklist

    When a client performs the logout action, add that token to a blacklist, and for each subsequent request check whether the token is in the blacklist. If it is, prevent access. Because you have to check on every request, this will be costly for large applications.

    Short expiry time

    If you keep the token expiry times at short enough intervals and have the running client keep track and request updates when necessary, it will work as a complete logout system. The problem with this method is that it makes it impossible to keep the user logged in between closes of the client code (depending on how long you make the expiry interval).

    You can also refer to this for details.
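The following is an added, language-neutral demonstration of the two server-side strategies in the answer above (a revocation blacklist keyed on the token's `jti`, combined with a short `exp`). It is not Spring Security code and not from the answer's author: the HS256 signing, the shared secret, the `TokenBlacklist` class and the `issue_token`/`verify_token`/`logout` helpers are all assumptions constructed for this example, using only the Python standard library. The blacklist only needs to remember a `jti` until that token's own `exp` has passed, which is why the short-expiry strategy also keeps the blacklist small.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Assumption for the example: a shared HS256 secret (never hard-code one in a real service).
SECRET = b"constructed-demo-secret-do-not-use"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(subject: str, ttl_seconds: int, now=None) -> str:
    """Mint a compact HS256 JWT with a short TTL and a unique jti (the revocation handle)."""
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": int(now), "exp": int(now) + ttl_seconds,
               "jti": uuid.uuid4().hex}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenBlacklist:
    """Maps revoked jti -> exp. An entry is only useful until the token expires on its own."""

    def __init__(self):
        self._revoked = {}

    def revoke(self, payload: dict) -> None:
        self._revoked[payload["jti"]] = payload["exp"]

    def prune(self, now: float) -> None:
        # Drop entries whose token has already expired; exp alone rejects them now.
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}

    def is_revoked(self, jti: str, now: float) -> bool:
        self.prune(now)  # this per-request lookup is the cost the answer warns about
        return jti in self._revoked

    def __len__(self) -> int:
        return len(self._revoked)


def verify_token(token: str, blacklist: TokenBlacklist, now=None) -> dict:
    """Return the payload if signature, alg, exp and blacklist checks all pass; else raise."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    payload = json.loads(_b64url_decode(p))
    if payload["exp"] <= now:
        raise ValueError("expired")
    if blacklist.is_revoked(payload["jti"], now):
        raise ValueError("revoked")
    return payload


def logout(token: str, blacklist: TokenBlacklist, now=None) -> None:
    """Logout endpoint logic: only a currently valid token can be revoked."""
    payload = verify_token(token, blacklist, now)
    blacklist.revoke(payload)


def demo() -> dict:
    """Walk through issue -> use -> logout -> rejected -> blacklist pruned after exp."""
    bl = TokenBlacklist()
    t0 = 1_700_000_000  # constructed fixed clock so the run is deterministic
    tok = issue_token("alice", ttl_seconds=300, now=t0)
    results = {"before_logout": verify_token(tok, bl, now=t0 + 10)["sub"]}
    logout(tok, bl, now=t0 + 20)
    try:
        verify_token(tok, bl, now=t0 + 30)
        results["after_logout"] = "accepted"
    except ValueError as e:
        results["after_logout"] = str(e)
    results["blacklist_size_before_exp"] = len(bl)
    bl.prune(now=t0 + 301)
    results["blacklist_size_after_exp"] = len(bl)
    return results


if __name__ == "__main__":
    print(demo())
```

In a Spring Boot service the same checks would live in the filter that validates the bearer token on every request, with the blacklist held in a shared store (for example Redis with a TTL equal to the token's remaining lifetime) rather than in a process-local dict, so that revocation is visible to every instance behind a load balancer.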