FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Logout doesn't work for me

    Scheduled Pinned Locked Moved
    Q&A
    2
    2
    403
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      johndoexx
      last edited by

      Hi
      I've implemented login, register and logout API with spring boot.
      I'm testing this with postman and flow is next:

      1. register user
      2. login with email and password -> get accessToken and refreshToken in response
      3. check can i access with accessToken to some page that need authorization
      4. after that works i go to logout api and send refreshToken as param, but after it return me status OK (200) then I try again with same accessToken access to API that need authorization and it return me data instead of error that I'm unauthorized

      What could be problem? @dan

      1 Reply Last reply Reply Quote 1
      • danD
        dan
        last edited by

        Heya,

        JWTs are stateless tokens of identities. If you want a JWT to be revoked after someone has logged out from FusionAuth, you need to tie state back in.

        See this article for various options for revoking JWTs: https://fusionauth.io/learn/expert-advice/tokens/revoking-jwts

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post