Invalidate JWT-Tokens on logout and password change.
I have an ASP.NET Web API that handles user interaction. For authentication I use JWT tokens. I realize that these tokens are only a way to confirm claims and do not carry state in any way.
I want to give users the ability to log out, i.e. invalidate tokens, and change their password. I do not like the approach of storing the password hash in the token as it can be read.
Also I have no clue if it would make sense to use a table for invalidated tokens and how I would go about implementing that feature.
If you have any input or pointers I could use to help me, it would be greatly appreciated. :)
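One way to shape the invalidated-token table the question asks about, as an added example that is not part of the original post. It assumes each token carries the standard `jti`, `sub`, `iat` and `exp` claims and that signature and expiry were already validated; `TokenRevocationStore`, its method names and the sample values are hypothetical, and the dictionaries stand in for database tables.

```csharp
using System;
using System.Collections.Concurrent;

// Hypothetical in-memory stand-in for the "invalidated tokens" table.
// Call IsRevoked only after the JWT signature and exp claim have been validated.
public sealed class TokenRevocationStore
{
    // jti -> token expiry; a row is only needed until the token would expire anyway.
    private readonly ConcurrentDictionary<string, DateTimeOffset> _revokedJti = new();
    // sub -> cutoff; tokens issued at or before the cutoff are rejected.
    private readonly ConcurrentDictionary<string, DateTimeOffset> _validAfter = new();

    // Logout: deny this one token.
    public void RevokeToken(string jti, DateTimeOffset exp) => _revokedJti[jti] = exp;

    // Password change: deny every token issued to the user up to now.
    public void RevokeAllForUser(string sub, DateTimeOffset now) => _validAfter[sub] = now;

    public bool IsRevoked(string jti, string sub, DateTimeOffset iat)
    {
        if (_revokedJti.ContainsKey(jti)) return true;
        // iat has one-second resolution, so "<=" errs on the side of rejecting.
        return _validAfter.TryGetValue(sub, out var cutoff) && iat <= cutoff;
    }

    // Drop rows for tokens that have expired so the table stays bounded.
    public int PurgeExpired(DateTimeOffset now)
    {
        int removed = 0;
        foreach (var entry in _revokedJti)
            if (entry.Value <= now && _revokedJti.TryRemove(entry.Key, out _)) removed++;
        return removed;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new TokenRevocationStore();
        var t0 = DateTimeOffset.FromUnixTimeSeconds(1_700_000_000); // constructed sample time
        // Constructed sample tokens for user "alice", each valid for one hour.
        store.RevokeToken("jti-a", t0.AddHours(1));           // logout on device A
        Console.WriteLine(store.IsRevoked("jti-a", "alice", t0));
        Console.WriteLine(store.IsRevoked("jti-b", "alice", t0)); // device B still signed in
        store.RevokeAllForUser("alice", t0.AddMinutes(10));   // password change
        Console.WriteLine(store.IsRevoked("jti-b", "alice", t0));
        Console.WriteLine(store.IsRevoked("jti-c", "alice", t0.AddMinutes(11))); // token from new login
        Console.WriteLine(store.PurgeExpired(t0.AddHours(2)));
    }
}
```

Neither table holds anything secret, so nothing about the password has to go into the token, and short token lifetimes keep the per-token table small.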