Not Invalidating token properly

[newkillerbeast2017]

I checked out the package, made no changes, connected to one of my existing databases and tested the following routes:

1. POST - api/auth/login - token got generated
2. DELETE - api/auth/invalidate - token invalidated
3. GET - api/auth/user - expired token yet gets the data properly

Isn't it supposed to say unauthorized?

[krisanalfa]

Hi, thanks for reporting this issue. What HTTP code did you get? Sorry, but I can't reproduce this bug.

[newkillerbeast2017]

Its not an error code. What I meant is, I login a user - a token is generated. I invalidate the user - a token should be blacklisted. I get the user details - still shows data whereas the token was expired earlier and had to be shown an error message. If you still cant get me, try the login, then use the generated token to invalidate. Next, use same token to try get user. It should not give user details but whereas it does.

[newkillerbeast2017]

@krisanalfa were you able to reproduce?

[krisanalfa]

Hi @newkillerbeast2017, can u use this postman collection to reproduce the issue? I can't reproduce.

[rbnzdave]

Yeah I also don't have the ability to expire the token. the test for it is only checking for a response of 200, so fine, but check invalid token doesn't have an issue. Running authentication and then running invalidate doesn't affect the ability to view any protected material. It seems then then expire after a "while" when it complains of missing segments until authenticated again.

[TakesTheBiscuit]

I can't reproduce this

[krisanalfa]

Hi @rbnzdave it's been a while. Sorry for late reply. How's your issue status? Have you resolved this? Until now I can't reproduce this issue, so I cannot make any fix or help you.