Tracking JWTs only in cache is fragile. This guide shows how to persist tokens, pair access + refresh, and blacklist safely - so you stay in control when things go sideways.
In the walkthrough you’ll learn how to:
• Create a tokens table with user_id, JTI, type, status, payload.
• Save every issued access & refresh token in the DB and link them.
• In middleware, check auth()->getToken()->get() & reject tokens not found in DB.
• Enable logout-all-devices: iterate through user’s tokens and invalidate each.
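
The four steps above, modelled as an added example in plain PHP with an in-memory SQLite database; it is not the guide's Laravel code, and it skips JWT signature verification, which the JWT library does before this lookup. Assumptions: the `pair_jti` link column, the `active`/`revoked` status values, the function names and the sample JTIs are all constructed for illustration.

```php
<?php
// Added illustration, not the guide's code. Column names follow the list above;
// pair_jti, the status values and all function names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tokens (
    id       INTEGER PRIMARY KEY,
    user_id  INTEGER NOT NULL,
    jti      TEXT NOT NULL UNIQUE,
    type     TEXT NOT NULL CHECK (type IN ('access','refresh')),
    pair_jti TEXT,                          -- jti of the token issued alongside this one
    status   TEXT NOT NULL DEFAULT 'active',
    payload  TEXT NOT NULL
)");

// Persist an access/refresh pair at issue time; each row points at its partner.
function storePair(PDO $db, int $userId, array $access, array $refresh): void {
    $ins = $db->prepare('INSERT INTO tokens (user_id, jti, type, pair_jti, payload) VALUES (?,?,?,?,?)');
    $db->beginTransaction();
    $ins->execute([$userId, $access['jti'], 'access', $refresh['jti'], json_encode($access)]);
    $ins->execute([$userId, $refresh['jti'], 'refresh', $access['jti'], json_encode($refresh)]);
    $db->commit();
}

// Middleware check: fail closed unless the jti is stored, active and of the expected type.
function isAccepted(PDO $db, string $jti, string $type = 'access'): bool {
    $q = $db->prepare("SELECT 1 FROM tokens WHERE jti = ? AND type = ? AND status = 'active'");
    $q->execute([$jti, $type]);
    return $q->fetchColumn() !== false;
}

// Logout from all devices: one UPDATE instead of a per-token loop, same end state.
function logoutAll(PDO $db, int $userId): int {
    $u = $db->prepare("UPDATE tokens SET status = 'revoked' WHERE user_id = ? AND status = 'active'");
    $u->execute([$userId]);
    return $u->rowCount();
}

// Constructed sample data: two devices for user 7, one for user 8.
storePair($db, 7, ['jti' => 'a-1', 'sub' => 7], ['jti' => 'r-1', 'sub' => 7]);
storePair($db, 7, ['jti' => 'a-2', 'sub' => 7], ['jti' => 'r-2', 'sub' => 7]);
storePair($db, 8, ['jti' => 'a-3', 'sub' => 8], ['jti' => 'r-3', 'sub' => 8]);

var_dump(isAccepted($db, 'a-1'));       // stored, active access token
var_dump(isAccepted($db, 'unknown'));   // well-formed token that was never persisted
var_dump(isAccepted($db, 'r-1'));       // refresh token presented where an access token is expected
echo logoutAll($db, 7), " tokens revoked\n";
var_dump(isAccepted($db, 'a-2'), isAccepted($db, 'a-3')); // user 7 after logout-all, user 8 untouched
```

The type filter in `isAccepted` matters as much as the existence check: without it, a long-lived refresh token would pass as an access token on any protected route.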
If you’re building a JWT-based API with Laravel and want scalable, auditable auth - not just “it works” - this is a must-read.
🔗 Full guide: https://webdock.io/en/docs/how-guides/laravel-guides/database-and-tracking-json-web-tokens-jwt-part-3