Invalidate token on reset password #1005
balvirsingh
started this conversation in
General
-
Hi, I think you should open this as a discussion and not an issue (since this is more like a Q&A). Back to the topic: you may save the token to the database after the user successfully logs in, and then every time the user accesses your API the authenticator should look up the token in the table. You can do anything you want from there since you have full control of the user token (such as removing the token from the database to invalidate it, etc.).
-
Just set an invalidation date("now") in the user table and then check the JWT "iat" against this date.
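The `iat` check suggested in the reply above, as an added example that is not part of the original discussion or of any bundle's code: plain PHP with a hand-rolled HS256 token so it runs stand-alone. The `tokens_valid_after` field, the in-memory user array, the secret and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo secret; a real application loads its key from configuration.
const SECRET = 'constructed-demo-secret';

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issueToken(string $email, int $now): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(['sub' => $email, 'iat' => $now, 'exp' => $now + 3600]));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}

/** Returns the payload if the token is acceptable, null otherwise. */
function authenticate(string $jwt, array $users, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    // Verify the signature before trusting anything in the payload.
    $expected = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if (!hash_equals($expected, $sig)) return null;
    $p = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($p) || !isset($p['sub'], $p['iat'], $p['exp'])) return null;
    if ($p['exp'] <= $now) return null;
    $user = $users[$p['sub']] ?? null;
    if ($user === null) return null;
    // "iat" has one-second resolution, so a token issued in the same second
    // as the reset is also rejected (fail closed) by using <= instead of <.
    if ($p['iat'] <= $user['tokens_valid_after']) return null;
    return $p;
}

// Constructed sample user store standing in for the user table.
$users = ['alice@example.test' => ['tokens_valid_after' => 0]];
$old = issueToken('alice@example.test', 1000);
var_dump(authenticate($old, $users, 1010) !== null); // old token, before the reset

// What the /reset/password handler would do after changing the password.
$users['alice@example.test']['tokens_valid_after'] = 1020;
var_dump(authenticate($old, $users, 1030) !== null); // old token, after the reset

$new = issueToken('alice@example.test', 1040);
var_dump(authenticate($new, $users, 1050) !== null); // token from a fresh login
```

Unlike storing every token, this needs one timestamp per user, but a reset invalidates all of that user's outstanding tokens at once.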
-
Symfony - 5.2.5
PHP - 7.4
URL - /reset/password
This route has public access and no token needs to be passed.
Now, when the user's password has been reset, I want to invalidate/expire the old token of this user server-side (passing email in body).
What is the correct way to do this?