How do I revoke a JWT every time a new token is generated using django-graphql-jwt?

Anzhari Purnomo

Jul 28, 2020, 12:37:22 PM
to django...@googlegroups.com

I am using django-graphql-jwt (https://django-graphql-jwt.domake.io/en/latest/index.html) to handle authentication for my Django Python Graphene application. Currently, every time a new JWT is generated, the previous JWT is still active as long as it has not passed its expiry time.

I want to revoke/prevent access to previously generated JWT (even if the JWT is not expired yet) whenever I generate a new JWT.

What I am thinking is utilizing the origIat inside the JWT payload and comparing it with something like a last_login attribute from the User model. I noticed though, that User.last_login is not updated whenever I am authenticating using JWT.

I am still figuring out how to solve this problem properly and wondering if any of you have already solved this problem before.

Thanks!


PS: I’ve written an SO post and added my own solution with a code snippet here:

--
Pardon my brevity,
Anzhari Purnomo
Sent from mobile phone
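
The approach described in the post above (comparing `origIat` with a per-user "last issued" timestamp), as an added example that is not part of the original post and not django-graphql-jwt's own code. It uses only the Python standard library; `SECRET`, `LAST_ISSUED`, `issue_token` and `verify_token` are hypothetical names, and in a Django application the timestamp would live in a field on the user model rather than in a dict.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"   # constructed value, not a real key
LAST_ISSUED = {}                      # hypothetical store: username -> origIat of newest token

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return _b64(mac).encode()

def issue_token(username: str, now: int, ttl: int = 300) -> str:
    """Mint an HS256 JWT and record its origIat as the newest one for this user."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"username": username, "exp": now + ttl, "origIat": now}
    payload = _b64(json.dumps(claims).encode())
    LAST_ISSUED[username] = now       # issuing a new token supersedes older ones
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{_sign(signing_input).decode()}"

def verify_token(token: str, now: int) -> str:
    """Return the username, or raise ValueError if forged, expired or superseded."""
    header, payload, signature = token.split(".")   # wrong part count raises ValueError
    # Check the signature before trusting anything inside the token.
    if not hmac.compare_digest(signature.encode(), _sign(f"{header}.{payload}")):
        raise ValueError("bad signature")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_unb64(payload))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    newest = LAST_ISSUED.get(claims.get("username"))
    # Revocation check: a token is rejected once a newer one exists for the user,
    # even though its own exp has not been reached yet.
    if newest is None or claims.get("origIat", -1) < newest:
        raise ValueError("revoked: a newer token was issued")
    return claims["username"]
```

Two tokens issued within the same second share an `origIat` and are both accepted by this check; distinguishing them needs a per-token identifier or a finer-grained timestamp.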