invalidateToken method
Invalidates a token (single device logout)
token The token to invalidate
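For JWT drivers: blacklists the access token and invalidates the associated refresh token. For Token drivers: deletes the access token. In the implementation below, a token whose verified payload has no `exp` or no `sub` claim is not invalidated, and the call still completes without an error.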
Implementation
/// Invalidates [token] using the single-device logout strategy.
///
/// The token is verified against the configured secret, and its `exp`, `sub`
/// and `jti` claims are passed to the strategy in a
/// [TokenInvalidationContext].
///
/// Nothing is invalidated when the verified payload has no `exp` or no `sub`
/// claim; the returned future still completes normally in that case, so the
/// caller cannot tell a completed logout from a skipped one.
@override
Future<void> invalidateToken(String token) async {
  // The strategy is created before verification, so a verification failure
  // is raised only after the factory call has already happened.
  final logoutStrategy =
      _strategyFactory.createStrategy(LogoutType.singleDevice);

  // Signature verification comes first: claims are only read from a token
  // that verifies against the secret.
  // NOTE(review): if JWT.verify throws for expired or malformed tokens, that
  // exception reaches the caller and no invalidation runs. Confirm the logout
  // endpoint handles that case instead of surfacing a server error.
  final verified = JWT.verify(token, SecretKey(_secret));

  // NOTE(review): these casts throw when the payload is not a JSON object or
  // when `exp` / `jti` have an unexpected type (for example a non-integer
  // `exp`). Confirm the issuer always emits an integer `exp`.
  final claims = verified.payload as Map<String, dynamic>;
  final expiresAt = claims['exp'] as int?;
  final subject = claims['sub'];
  final jwtId = claims['jti'] as String?; // standard JWT ID claim

  // NOTE(review): a token with no `exp` never expires by itself, yet this
  // guard leaves it valid and reports success. Consider failing loudly or
  // blacklisting such tokens; TODO confirm with the strategy owner.
  if (expiresAt == null || subject == null) {
    return;
  }

  // The `jti`, when present, is forwarded as the session id. The original
  // comments say this is how the associated refresh token is found, which is
  // what makes this a logout of one device only.
  final sessionMetadata = jwtId == null ? null : {'session_id': jwtId};

  final invalidationContext = TokenInvalidationContext.fromTokens(
    accessToken: token,
    userId: subject,
    guard: _providerKey,
    tokenExpiry: expiresAt,
    tokenPayload: claims,
    metadata: sessionMetadata,
  );

  await logoutStrategy.invalidateTokens(invalidationContext);
}