Question
Using a freshly generated FeathersJS application (local auth), I am making the following REST API calls with the following behaviour:
1. GET /users - it FAILS with not-authorized
2. POST /authentication with username and password - successful
3. GET /users - it SUCCEEDS and returns a list of users
4. DELETE /authentication - returns the auth object, no error messages (and on the server side a logout event is generated)
5. GET /users - it SUCCEEDS and returns a list of users
The expected result from my side is that on step 5 I would get a not-authorized error, as the JWT token would be expired after logout on the server side.
What am I doing wrong? How can I log out a user properly using just the REST API, so the token would be invalidated? Or is authentication meant to be used only in conjunction with the FeathersJS client libraries?
P.S. I am trying out FeathersJS as a potential solution for a backend REST API for my Flutter app. Hence I am interested only in the server-side implementation of FeathersJS.
Answer 1:
FeathersJS is stateless. So, in your client, just set your access token to null.
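An added example, not part of the original answer and not FeathersJS code: plain Node.js showing why a stateless JWT check keeps accepting a token after logout (step 5 in the question), next to a server-side denylist keyed on the token's `jti` claim that rejects it. The function names, the secret and the in-memory `Map` are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, not a real key
const b64u = (buf) => Buffer.from(buf).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();
const nowSec = () => Math.floor(Date.now() / 1000);

// Issue an HS256 JWT carrying a unique jti and an expiry (seconds since epoch).
function issueToken(sub, ttlSeconds, now = nowSec()) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = { sub, jti: crypto.randomUUID(), iat: now, exp: now + ttlSeconds };
  const payload = b64u(JSON.stringify(claims));
  return `${header}.${payload}.${b64u(mac(`${header}.${payload}`))}`;
}

// Stateless check: signature and expiry only. Nothing here can know about a logout.
function verifyStateless(token, now = nowSec()) {
  const [header, payload, sig] = token.split('.');
  if (!header || !payload || !sig) throw new Error('malformed token');
  const expected = mac(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Server-side denylist: jti -> exp. An entry is only needed until the token expires.
const revoked = new Map();

// What a logout handler would call to invalidate the presented token.
function revoke(token, now = nowSec()) {
  const { jti, exp } = verifyStateless(token, now);
  revoked.set(jti, exp);
}

// Stateful check: purge stale entries, verify as before, then consult the denylist.
function verifyWithDenylist(token, now = nowSec()) {
  for (const [jti, exp] of revoked) if (exp <= now) revoked.delete(jti);
  const claims = verifyStateless(token, now);
  if (revoked.has(claims.jti)) throw new Error('token revoked');
  return claims;
}
```

With more than one server process the denylist has to live in a shared store, since an in-memory `Map` is only visible to the process that handled the logout.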
Answer 2:
I use the socketio client. I normally log out users by calling app.logout() and then clearing the localStorage item "feathers-jwt" just to be sure. Follow this https://docs.feathersjs.com/api/client/rest.html#feathersjs-rest-client to read on how you can configure a REST client. Hope it helps.
Source: https://stackoverflow.com/questions/59005615/logout-using-feathersjs-rest-api