The first question is whether you need to revoke the jwt at all - in many cases, it might be enough to just let it expire. With many apis, there isn’t really a logout functionality - the user will just access the resources he / she needs and then stop using it.
If you do want to revoke jwts, I know that many developers use Redis for this, and that might be quicker than a db lookup.
With openmaize_jwt, you can use the store_jwt(token) and query_jwt(token) functions in the OpenmaizeJWT.LogoutManager module to handle this.
If you have any further questions, please let me know.
1 Like
