How to delete a django JWT token?

别跟我提以往 2020-12-18 06:29

I am using the Django rest framework JSON Web token API that is found here on GitHub (https://github.com/GetBlimp/django-rest-framework-jwt/tree/master/).

I can succ

2 Answers
  • 2020-12-18 06:51

    Yes, it's correct to say that JWT tokens are not stored in the database. What you want, though, is to invalidate a token based on user activity, which doesn't seem to be possible ATM.

    So, you can do what you suggested in your question, or redirect the user to some token refreshing endpoint, or even manually create a new token.

    0 Discussion (0)
  • 2020-12-18 07:01

    The biggest disadvantage of JWT is that because the server does not save the session state, it is not possible to abolish a token or change the token's permissions during use. That is, once the JWT is signed, it will remain in effect until it expires, unless the server deploys additional logic. So, you cannot invalidate the token even if you create a new token or refresh it. The simple way to log out is to remove the token from the client.

    0 Discussion (0)