module Devise::JWT::RevocationStrategies::Allowlist
This strategy must be included in the user model.
The JwtAllowlist table must include `jti`, `aud`, `exp` and `user_id` columns.
To tell whether a token is revoked, it looks up the token's `jti` and `aud` values in the `allowlisted_jwts` table for the respective user.
If no matching record exists, the token is considered revoked. On revocation, it deletes the matching record from the `allowlisted_jwts` table.
On sign in, it creates a new record with the `jti` and `aud` values.
Public Class Methods
jwt_revoked?(payload, user)
@see Warden::JWTAuth::Interfaces::RevocationStrategy#jwt_revoked?
```ruby
# File lib/devise/jwt/revocation_strategies/allowlist.rb, line 29
def self.jwt_revoked?(payload, user)
  !user.allowlisted_jwts.exists?(payload.slice('jti', 'aud'))
end
```
revoke_jwt(payload, user)
@see Warden::JWTAuth::Interfaces::RevocationStrategy#revoke_jwt
```ruby
# File lib/devise/jwt/revocation_strategies/allowlist.rb, line 34
def self.revoke_jwt(payload, user)
  jwt = user.allowlisted_jwts.find_by(payload.slice('jti', 'aud'))
  jwt.destroy! if jwt
end
```
Public Instance Methods
on_jwt_dispatch(_token, payload)
Warden::JWTAuth::Interfaces::User#on_jwt_dispatch
```ruby
# File lib/devise/jwt/revocation_strategies/allowlist.rb, line 41
def on_jwt_dispatch(_token, payload)
  allowlisted_jwts.create!(
    jti: payload['jti'],
    aud: payload['aud'],
    exp: Time.at(payload['exp'].to_i)
  )
end
```
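The lifecycle described above (create on sign in, look up by `jti` and `aud` per user, delete on revocation) can be traced with a plain-Ruby model. This is an added example, not devise-jwt code: `Row`, `FakeUser`, `AllowlistModel`, `sample_payload` and `demo` are hypothetical names, and an in-memory array stands in for the `allowlisted_jwts` table.

```ruby
require 'securerandom'

# Stand-in for one allowlisted_jwts record (hypothetical, not an ActiveRecord model).
Row = Struct.new(:jti, :aud, :exp)

class FakeUser
  attr_reader :allowlisted_jwts

  def initialize
    @allowlisted_jwts = []
  end

  # Sign in: record the token's jti, aud and exp, as on_jwt_dispatch does.
  def on_jwt_dispatch(_token, payload)
    @allowlisted_jwts << Row.new(payload['jti'], payload['aud'], Time.at(payload['exp'].to_i))
  end
end

module AllowlistModel
  # Same condition the strategy builds: only the jti and aud claims are compared.
  def self.match?(row, payload)
    payload.slice('jti', 'aud').all? { |key, value| row[key] == value }
  end

  # Revoked means no row for this user matches; unknown tokens are denied by default.
  def self.jwt_revoked?(payload, user)
    user.allowlisted_jwts.none? { |row| match?(row, payload) }
  end

  # Revocation removes the matching row and leaves the user's other sessions alone.
  def self.revoke_jwt(payload, user)
    user.allowlisted_jwts.reject! { |row| match?(row, payload) }
  end
end

# Constructed sample payload; the values are made up for this demo.
def sample_payload(aud)
  { 'jti' => SecureRandom.uuid, 'aud' => aud, 'exp' => Time.now.to_i + 3600 }
end

def demo
  alice, bob = FakeUser.new, FakeUser.new
  web, mobile = sample_payload('web'), sample_payload('mobile')
  [web, mobile].each { |payload| alice.on_jwt_dispatch(nil, payload) }
  AllowlistModel.revoke_jwt(web, alice)
  { web_after_revoke: AllowlistModel.jwt_revoked?(web, alice),
    mobile_untouched: AllowlistModel.jwt_revoked?(mobile, alice),
    wrong_aud: AllowlistModel.jwt_revoked?(mobile.merge('aud' => 'web'), alice),
    other_user: AllowlistModel.jwt_revoked?(mobile, bob),
    never_dispatched: AllowlistModel.jwt_revoked?(sample_payload('web'), alice) }
end
```

Only `mobile_untouched` comes back `false`: a token is accepted solely when the same user still holds a row with both its `jti` and its `aud`.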