module Devise::JWT::RevocationStrategies::Denylist

This strategy must be included in an ActiveRecord model, and requires that it has a `jti` column.

In order to tell whether a token is revoked, it just checks whether `jti` is in the table. On revocation, creates a new record with it.

Public Class Methods

jwt_revoked?(payload, _user) click to toggle source

@see Warden::JWTAuth::Interfaces::RevocationStrategy#jwt_revoked?

# File lib/devise/jwt/revocation_strategies/denylist.rb, line 18
def self.jwt_revoked?(payload, _user)
  exists?(jti: payload['jti'])
end
revoke_jwt(payload, _user) click to toggle source

@see Warden::JWTAuth::Interfaces::RevocationStrategy#revoke_jwt

# File lib/devise/jwt/revocation_strategies/denylist.rb, line 23
def self.revoke_jwt(payload, _user)
  find_or_create_by!(jti: payload['jti'],
                     exp: Time.at(payload['exp'].to_i))
end