module Devise::JWT::RevocationStrategies::Denylist
This strategy must be included in an ActiveRecord model, and requires that it has a `jti` column.
In order to tell whether a token is revoked, it just checks whether `jti` is in the table. On revocation, creates a new record with it.
Public Class Methods
jwt_revoked?(payload, _user)
click to toggle source
@see Warden::JWTAuth::Interfaces::RevocationStrategy#jwt_revoked?
# File lib/devise/jwt/revocation_strategies/denylist.rb, line 18 def self.jwt_revoked?(payload, _user) exists?(jti: payload['jti']) end
revoke_jwt(payload, _user)
click to toggle source
@see Warden::JWTAuth::Interfaces::RevocationStrategy#revoke_jwt
# File lib/devise/jwt/revocation_strategies/denylist.rb, line 23 def self.revoke_jwt(payload, _user) find_or_create_by!(jti: payload['jti'], exp: Time.at(payload['exp'].to_i)) end