I want to revoke a token with the jwt-token library from Adonis, except that I'm using the version where I don't store the token in the database. When revoking the token, it asks me to pass the refresh token, but when I do, it tells me that it is not a valid JWT token.
1 Answer
This is a long topic :)
You can read why you should not use JWT and why Adonis is not supporting it here: https://github.com/adonisjs/core/discussions/2039#discussioncomment-201869
But to keep it short... Just don't use JWTs at all. Use what Adonis is recommending: https://docs.adonisjs.com/guides/auth/api-tokens-guard
Why? Because there is no point in using JWTs if you are planning to revoke them. The only "official" way to revoke a JWT token is by changing the app secret which was used to generate the JWT. But by doing this you will revoke ALL JWT tokens at once.
You could write JWTs to database/redis when you create them and create custom logic to whitelist/blacklist them so you can control revoking etc. But then why use JWT at all? The point is for them to be stateless.
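The trade-off described in this answer, as an added example that is not part of the original post and is not Adonis code: an HS256 token checked against a `jti` denylist versus against a rotated secret. The names `sign`, `verify` and `demo`, the `jti` claim used as the denylist key, and the secrets are assumptions constructed for the illustration.

```javascript
// Added example: HS256 JWTs built with Node's crypto module only.
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// Issue a token with a unique jti so a single token can be named later.
function sign(claims, secret) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ jti: crypto.randomUUID(), ...claims }));
  const sig = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Returns the claims, or null if the signature, expiry or denylist check fails.
function verify(token, secret, denylist = new Set()) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (claims.exp !== undefined && claims.exp <= Math.floor(Date.now() / 1000)) return null;
  if (denylist.has(claims.jti)) return null; // the stateful lookup
  return claims;
}

function demo() {
  const oldSecret = 'constructed-secret-1'; // constructed sample values
  const newSecret = 'constructed-secret-2';
  const exp = Math.floor(Date.now() / 1000) + 3600;
  const alice = sign({ sub: 'alice', exp }, oldSecret);
  const bob = sign({ sub: 'bob', exp }, oldSecret);

  // Per-token revocation: needs a store consulted on every request.
  const denylist = new Set([verify(alice, oldSecret).jti]);
  const perToken = [alice, bob].map((t) => verify(t, oldSecret, denylist)?.sub ?? null);

  // Secret rotation: no store needed, but every issued token dies.
  const rotated = [alice, bob].map((t) => verify(t, newSecret)?.sub ?? null);
  return { perToken, rotated };
}

console.log(demo());
```

In a real deployment the `Set` would be a shared store such as the database or Redis, and an entry only has to be kept until the token's `exp` passes.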