I am using django-graphql-jwt (https://django-graphql-jwt.domake.io/en/latest/index.html) to handle authentication for my Django Python Graphene application. Currently, every time a new JWT is generated, the previous JWT is still active as long as it has not passed its expiry time.
I want to revoke/prevent access to previously generated JWTs (even if the JWT is not expired yet) whenever I generate a new JWT.
What I am thinking of is utilizing the origIat inside the JWT payload and comparing it with something like a last_login attribute from the User model. I noticed, though, that User.last_login is not updated whenever I am authenticating using JWT.
I am still figuring out how to solve this problem properly and wondering if any of you have already solved this problem before.
Thanks!
Anzhari Purnomo
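
The comparison described in the message above, as an added example that is not part of the original post and is not django-graphql-jwt code: a standard-library HS256 token whose `origIat` is checked against a per-user cut-off that moves forward each time a token is issued. `USERS`, `token_valid_after`, `issue_token`, `verify_token` and the secret are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"            # constructed value, not a real key
USERS = {"alice": {"token_valid_after": 0}}    # hypothetical per-user field

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(username, now=None, ttl=300):
    """Issue an HS256 token and record its origIat as the user's cut-off."""
    now = int(time.time()) if now is None else now
    USERS[username]["token_valid_after"] = now   # older tokens are now revoked
    claims = {"username": username, "origIat": now, "exp": now + ttl}
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _sign(signing_input)

def verify_token(token, now=None):
    """Return the claims, or raise ValueError naming why the token is refused."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed")
    signing_input = parts[0] + "." + parts[1]
    # Check the signature before trusting anything inside the payload.
    if not hmac.compare_digest(_sign(signing_input).encode(), parts[2].encode()):
        raise ValueError("bad signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if now >= claims["exp"]:
        raise ValueError("expired")
    user = USERS.get(claims["username"])
    if user is None:
        raise ValueError("unknown user")
    # The revocation check: unexpired tokens older than the cut-off are refused.
    if claims["origIat"] < user["token_valid_after"]:
        raise ValueError("revoked")
    return claims
```

Because `origIat` has one-second resolution here, two tokens issued within the same second are both accepted; a per-user counter carried as a claim avoids that.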