DEV Community

Discussion on: JWT can fit as an authentication system with a blacklist technique

 
Rakan

It's not “a lot” of extra work. Whenever you create the JWT token for the user, just add the fields in the JWT payload you want to check against, such as device, user_agent, location, and whatever else you want. The sky is the limit.

JWT definitely was not designed to have a DB lookup, as I mentioned in the post, but the DB table here will be very small since it will only have invalid tokens when a user logs out or is blocked, and it will be cleaned periodically. This is a workaround for my drawbacks that were mentioned in my previous post.

JWT is just a tool like many tools out there; use it to your advantage as you need.
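
The approach described in the comment above, as an added example that is not part of the original comment: the token carries a user-agent claim to check against, and a denylist holds only revoked token ids until they expire. The `jti` claim, hashing the user agent, the in-memory dict standing in for the DB table, and every name and the key are assumptions of this example.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed value for the example only

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def _ua_hash(user_agent):
    return hashlib.sha256(user_agent.encode()).hexdigest()

def issue(sub, jti, user_agent, ttl=900, now=None):
    """Mint an HS256 token whose payload carries the field to check later."""
    now = int(time.time() if now is None else now)
    claims = {"sub": sub, "jti": jti, "exp": now + ttl, "ua": _ua_hash(user_agent)}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _sign(signing_input)

class Denylist:
    """Stores only revoked token ids, each kept until that token expires."""
    def __init__(self):
        self._revoked = {}  # jti -> exp (hypothetical stand-in for the DB table)
    def revoke(self, claims):
        self._revoked[claims["jti"]] = claims["exp"]
    def purge(self, now):
        # Periodic cleanup: an expired token is rejected on exp anyway.
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}
    def __contains__(self, jti):
        return jti in self._revoked
    def __len__(self):
        return len(self._revoked)

def verify(token, user_agent, denylist, now=None):
    """Return the claims, or None if any check fails (always verifies as HS256)."""
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(head + "." + body).encode(), sig.encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        if claims["exp"] <= now or claims["jti"] in denylist:
            return None
        if not hmac.compare_digest(claims["ua"], _ua_hash(user_agent)):
            return None
    except (ValueError, KeyError, TypeError):
        return None
    return claims
```

Because each denylist entry is dropped once its token's `exp` has passed, the table never holds more rows than there are revoked tokens still inside their lifetime.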