❔ Force log out the user after account deletion with JWT bearer auth.
Hello, I'm working on adding a feature that allows administrators to delete users. As things currently stand, when a user is deleted, their account is successfully removed, but their JWT token remains in the browser, allowing them to still access most of the website without any issues. I've come up with a few possible solutions, such as regularly checking from the frontend using an API call or websockets to see if the user has been deleted or not. However, I would prefer to use a built-in functionality if available. I came across SecurityStampValidationOptions, but it doesn't seem to work when I tried using it after AddIdentity with services.Configure<>. Is there a simpler way to achieve this?
4 Replies
I am not sure its possible to delete token on the client from server without connection (other than changing the token secret but it will invalidate all tokens)
centeralized caching like Redis for storing user status whether its deleted or not and control it on each request. If its deleted state then return some custom http response which clears the JWT on client. Thats what comes in my mind first
Thanks, will look into it!
Unknown User•2y ago
Message Not Public
Sign In & Join Server To View
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.