Module: Devise::JWT::RevocationStrategies::Allowlist

Extended by:
ActiveSupport::Concern
Defined in:
lib/devise/jwt/revocation_strategies/allowlist.rb

Overview

This strategy must be included in the user model.

The JwtAllowlist table must include `jti`, `aud`, `exp` and `user_id` columns.

In order to tell whether a token is revoked, it just tries to find the `jti` and `aud` values from the token on the `allowlisted_jwts` table for the respective user.

If no matching record exists, the token was revoked. On revocation, it deletes the matching record from the `allowlisted_jwts` table.

On sign in, it creates a new record with the `jti` and `aud` values.

Instance Method Summary

Instance Method Details

#on_jwt_dispatch(_token, payload) ⇒ Object

Warden::JWTAuth::Interfaces::User#on_jwt_dispatch



# File 'lib/devise/jwt/revocation_strategies/allowlist.rb', line 41

def on_jwt_dispatch(_token, payload)
  allowlisted_jwts.create!(
    jti: payload['jti'],
    aud: payload['aud'],
    exp: Time.at(payload['exp'].to_i)
  )
end
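
The three rules from the overview (create a row on sign in, look up `jti` and `aud` to decide revocation, delete the row to revoke), modelled on an in-memory array so the outcomes can be checked without a database. This is an added example, not the gem's code: `DemoUser`, `AllowlistedJwt`, `demo` and the sample payloads are constructed here, and the `jwt_revoked?` / `revoke_jwt` method names are assumptions, since this page shows only `on_jwt_dispatch`.

```ruby
# In-memory stand-in for the allowlisted_jwts table (constructed for this
# example; the real strategy goes through the user's allowlisted_jwts records).
AllowlistedJwt = Struct.new(:user_id, :jti, :aud, :exp)

class DemoUser
  attr_reader :id, :allowlisted_jwts

  def initialize(id)
    @id = id
    @allowlisted_jwts = []
  end

  # Sign in: record the jti/aud pair of the token that was just dispatched.
  def on_jwt_dispatch(_token, payload)
    allowlisted_jwts << AllowlistedJwt.new(id, payload['jti'], payload['aud'],
                                           Time.at(payload['exp'].to_i))
  end

  # Assumed name. Revoked unless a row with the same jti AND aud exists for the user.
  def self.jwt_revoked?(payload, user)
    user.allowlisted_jwts.none? { |r| r.jti == payload['jti'] && r.aud == payload['aud'] }
  end

  # Assumed name. Revocation deletes the matching row; other rows are untouched.
  def self.revoke_jwt(payload, user)
    user.allowlisted_jwts.reject! { |r| r.jti == payload['jti'] && r.aud == payload['aud'] }
  end
end

# Runs the sign-in / check / revoke cycle on constructed payloads.
def demo
  user = DemoUser.new(1)
  exp = Time.now.to_i + 3600
  web      = { 'jti' => 'jti-web',      'aud' => 'web',    'exp' => exp }
  mobile   = { 'jti' => 'jti-mobile',   'aud' => 'mobile', 'exp' => exp }
  unlisted = { 'jti' => 'jti-unlisted', 'aud' => 'web',    'exp' => exp } # never dispatched
  wrong_aud = web.merge('aud' => 'mobile') # listed jti presented with another aud

  user.on_jwt_dispatch(nil, web)
  user.on_jwt_dispatch(nil, mobile)
  before = [web, mobile, unlisted, wrong_aud].map { |p| DemoUser.jwt_revoked?(p, user) }
  DemoUser.revoke_jwt(web, user) # sign out the web session only
  after = [web, mobile].map { |p| DemoUser.jwt_revoked?(p, user) }
  { before: before, after: after, rows_left: user.allowlisted_jwts.size }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because the lookup fails closed, a token whose `jti` was never stored is treated as revoked, and revoking one session leaves the user's other sessions valid.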