Topics created by nishant

Hiya,

This JWT is valid because the JWT is not expired. You can't revoke a JWT by logging out because they are stateless. Here's more information about how revoking JWTs: https://fusionauth.io/learn/expert-advice/tokens/revoking-jwts

This is one of the reasons why we recommend storing a JWT in a server side session, so that removing the session (on logout) removes the JWT. More here: https://fusionauth.io/learn/expert-advice/authentication/webapp/oauth-authorization-code-grant-sessions

Does that help?

Hey @dan,

Thanks for the invaluable insights sharing. Just one question remains in my mind and that is when to get user to verify their email address in this method of setting their password in one shot?

Should I set any flag to indicate to FusionAuth to send an email to user for email verification?

My use case is like this:

User opens mobile app They will register through my app by sending their name, family, email address, and password. In my backend I get their req and as aforementioned I am passing those fields to the FusionAuth client (I am using @fusionauth/typescript-client)

Now I am not sure how to config or let FusionAuth know that it should send an email to the user's entered email address containing a one time use link to verify their email address so that I can be sure they've verified their email address and probably have some sort of law enforcement or restriction based on verified email addresses and not ones.

Many thanks for your support.

@dan Thank you for your support. Fixing the signature just saved me another couple of hours (also coming from https://fusionauth.io/blog/2020/07/14/django-and-oauth/) ^^

Great. Marking this solved. Let me know if that's not ok 🙂 .