Invalidate auth token?

Is there a way to invalidate a user's auth token when they log out of your application?

What about revoking all active tokens for a user?

And for how long is the token received on login valid?

Comments

  • Michael Udinski, Administrator

    Hi  

    Once they log out and your front-end forgets the auth token, the user is in a state without an auth token so they'd have to go through the authentication flow again anyways. 

    You can definitely create business logic + database schema to make it so a user must log in again based on some condition defined and can check it/record it in the database. Perhaps even storing and deleting the auth token based on some conditions. There are many different ways you could go about this but it just takes extra work and then additional checks for each authenticated endpoint.

    The expiration of the authentication token is completely customizable. Just click on the function that Creates the Authentication Token and you can set the expiration to whatever you'd like. So maybe that is an easier solution for your use case by having a short expiration time. 
  • Jay, Member

    What about revoking a token after it got created, on Xano's end?
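
The database-backed check described in the administrator's reply, sketched as an added example that is not part of the thread and not Xano's own code: every authenticated endpoint would call `verify`, which rejects tokens revoked individually (logout) or issued before a per-user cutoff (revoke all). The two dictionaries stand in for database tables, and all names, the token format and the signing key are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # constructed signing key for this demo
revoked_jti = {}                  # jti -> exp; stands in for a revoked-tokens table
valid_after = {}                  # user -> epoch seconds; stands in for a user column

def _sign(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()

def issue(user, ttl=900, now=None):
    """Create a signed token carrying a unique id (jti) and issue/expiry times."""
    now = time.time() if now is None else now
    claims = {"sub": user, "jti": secrets.token_hex(8), "iat": now, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body).decode()

def verify(token, now=None):
    """Return the claims if the token is authentic, unexpired and not revoked."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body.encode())):
        return None                              # forged or altered
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return None                              # expired
    if claims["jti"] in revoked_jti:
        return None                              # this token was logged out
    if claims["iat"] <= valid_after.get(claims["sub"], 0):
        return None                              # issued before a revoke-all (fails closed on ties)
    return claims

def logout(token, now=None):
    """Revoke one token; the entry is only needed until the token would expire anyway."""
    claims = verify(token, now)
    if claims:
        revoked_jti[claims["jti"]] = claims["exp"]

def revoke_all(user, now=None):
    """Invalidate every token the user holds by moving their cutoff forward."""
    valid_after[user] = time.time() if now is None else now

def purge(now=None):
    """Drop denylist rows whose tokens have expired, so the table stays small."""
    now = time.time() if now is None else now
    for jti in [j for j, exp in revoked_jti.items() if exp <= now]:
        del revoked_jti[jti]
```

A short token lifetime keeps the denylist small, since `purge` can discard each entry once its token would have expired on its own.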