JWT and one-time tokens?

无人及你 2021-01-19 15:19

I'm in the process of rolling my own JWT token auth, however, I would really like it to be a one-time token – so once it's used, the server generates a new token and the c

4 answers
  •  面向向阳花
    2021-01-19 15:34

    Like others have mentioned, it depends on your business case. Password reset links can be handled as described at https://www.jbspeakr.cc/howto-single-use-jwt/.

    If you have the Single-Use & Single-Auth scenario, where you might want to invalidate any previously used and unused token, you can store a single nonce and update it on every new token request and also when it's used.
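
The single-nonce scheme from the answer above, as an added example that is not part of the original post: one nonce is stored per user, carried in the token's `jti` claim, and rotated on every issue and every successful use. The function names, the in-memory dict standing in for a database, and the hand-rolled HS256 signing (used here only to keep the example free of dependencies) are assumptions.

```python
import base64, hashlib, hmac, json, secrets, threading, time

SECRET = secrets.token_bytes(32)   # constructed signing key for the demo
_current_nonce = {}                # user id -> the only nonce currently accepted (stand-in for a DB row)
_lock = threading.RLock()          # check-and-rotate must be atomic, or two replays can race

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user_id: str, ttl: int = 300) -> str:
    """Mint an HS256 JWT and rotate the stored nonce, which invalidates any earlier token."""
    nonce = secrets.token_urlsafe(16)
    with _lock:
        _current_nonce[user_id] = nonce
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "jti": nonce, "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def redeem_token(token: str):
    """Return a fresh token if `token` is valid and still unused, else None."""
    try:
        header, body, sig = token.split(".")
        # The signature is always checked as HS256 with our key; the header's alg is never trusted.
        if not hmac.compare_digest(sig, _sign(f"{header}.{body}")):
            return None
        claims = json.loads(_unb64(body))
        user_id, nonce, exp = claims["sub"], claims["jti"], claims["exp"]
    except (ValueError, KeyError, TypeError):
        return None                # malformed or tampered token
    if exp < time.time():
        return None                # expired
    with _lock:
        stored = _current_nonce.get(user_id)
        if stored is None or not hmac.compare_digest(stored, nonce):
            return None            # already used, or superseded by a newer token
        return issue_token(user_id)  # rotating the nonce is what consumes the old token
```

With a real datastore, the compare and the rotation belong in one transaction or a conditional update so that the atomicity the lock provides here still holds across processes.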
