How To Dev

Introduction In the previous article, I provided instructions on using NestJS with JWT, and you may also realize that if you use JWT, once a token is issued, it cannot be revoked. This means that if you have a token that hasn't expired yet, you can continue to use the service. For small systems that do not prioritize security, this might not be a major issue and can be simply resolved by deleting the token from the frontend when the user logs out. However, if you need to build a system with extremely high security, where the token must be invalidated upon logout so that no one can use it to access the service, this article will guide you through how to achieve that. To do this, we will use Redis (which I have already guided you on in this article) to store tokens that have not expired but are requested to be deleted. The storage duration for these tokens will be exactly the time remaining until they expire. Thus, after applying Redis, the operation of tokens will be as follows: If ...