I have an ASP.NET Core 3.1 web-api application that uses the MS Identity framework to generate JWT tokens for the logged-in user.
Then I have a client application (HTML, JavaScript) that connects to that web-api.
I also have an Android application that connects to the same web-api application.
I want to log out a user from the web client when they log in from the Android application. How do I do that?
This is the challenge with JWT tokens. To validate a JWT token, the client doesn't need to talk to the token issuer. If the client does, then there is no use in using a JWT token.
You can follow the approaches below to handle the logoff scenario:
Approach 1) Give the JWT token a very short life span.
Approach 2) Maintain a distributed cache where all the logged-off JWT tokens can be stored, and check the distributed cache before validating the token.
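
One way to wire up Approach 2 in ASP.NET Core 3.1, as an added example that is not part of the original answer. `TokenDenylist`, `DenylistJwtEvents` and the `revoked-jwt:` key prefix are hypothetical names; the sketch assumes each issued token carries a unique `jti` claim, that an `IDistributedCache` implementation is registered, and that `TokenDenylist` is registered as a singleton.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Caching.Distributed;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper (not a framework type): keeps revoked token ids in the distributed cache.
public class TokenDenylist
{
    private readonly IDistributedCache _cache;
    public TokenDenylist(IDistributedCache cache) => _cache = cache;

    private static string Key(string jti) => "revoked-jwt:" + jti;

    // Call at logoff with the token's jti and expiry (JwtSecurityToken.Id / ValidTo).
    // The entry expires when the token does, so the cache only ever holds live tokens.
    public Task RevokeAsync(string jti, DateTime expiresUtc)
    {
        if (expiresUtc <= DateTime.UtcNow) return Task.CompletedTask; // already expired
        var options = new DistributedCacheEntryOptions
        {
            AbsoluteExpiration = new DateTimeOffset(DateTime.SpecifyKind(expiresUtc, DateTimeKind.Utc))
        };
        return _cache.SetStringAsync(Key(jti), "1", options);
    }

    public async Task<bool> IsRevokedAsync(string jti) =>
        await _cache.GetStringAsync(Key(jti)) != null;
}

public static class DenylistJwtEvents
{
    // Assign the result to options.Events inside AddJwtBearer(...).
    // Runs after signature and lifetime validation, before the request is authenticated.
    public static JwtBearerEvents Create() => new JwtBearerEvents
    {
        OnTokenValidated = async context =>
        {
            var denylist = context.HttpContext.RequestServices.GetRequiredService<TokenDenylist>();
            var jti = (context.SecurityToken as JwtSecurityToken)?.Id;
            // Fail closed: a token without an id cannot be revoked, so reject it.
            if (string.IsNullOrEmpty(jti) || await denylist.IsRevokedAsync(jti))
                context.Fail("Token has been revoked.");
        }
    };
}
```

Combining this with Approach 1 keeps the cache small, because every denylist entry lives only as long as the token it revokes.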