TokenBlacklistService

@Service
class TokenBlacklistService

Simple in-memory blacklist for JWT tokens to support logout for stateless auth.

Purpose:

  • When a user logs out, we can’t “unsign” a JWT. Instead, we remember its value until it naturally expires and reject it on subsequent requests.

Notes:

  • Ideal for dev/single-node. In production, use a shared store (Redis) and store a hash of the token.

Constructors

constructor()

Properties


Functions

fun blacklistToken(token: String, expiresAtEpochMillis: Long)

Blacklist a token until its expiry time.


Check whether a token is blacklisted (and clean up expired entries opportunistically).
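
The blacklist described on this page, combined with the note about storing a hash instead of the token itself, as an added example (not this project's code). The class name `HashedTokenBlacklist`, the method name `isBlacklisted`, the `size` helper, the injectable clock and the sample token are assumptions made for illustration.

```kotlin
import java.security.MessageDigest
import java.util.concurrent.ConcurrentHashMap

// Added example, not the project's code. Names other than blacklistToken are hypothetical.
class HashedTokenBlacklist(private val now: () -> Long = System::currentTimeMillis) {

    // SHA-256(token) as hex -> expiry in epoch millis. The raw JWT is never kept,
    // so a dump of this map does not yield tokens that are still usable.
    private val entries = ConcurrentHashMap<String, Long>()

    private fun digest(token: String): String =
        MessageDigest.getInstance("SHA-256")
            .digest(token.toByteArray(Charsets.UTF_8))
            .joinToString("") { "%02x".format(it) }

    fun blacklistToken(token: String, expiresAtEpochMillis: Long) {
        // An already expired token fails normal JWT validation, so it needs no entry.
        if (expiresAtEpochMillis <= now()) return
        entries[digest(token)] = expiresAtEpochMillis
    }

    fun isBlacklisted(token: String): Boolean {
        val current = now()
        // Opportunistic cleanup: drop entries whose token has expired on its own.
        entries.values.removeIf { it <= current }
        return entries.containsKey(digest(token))
    }

    fun size(): Int = entries.size
}

fun main() {
    var clock = 1_000L                       // fake clock so expiry can be shown
    val blacklist = HashedTokenBlacklist { clock }
    val token = "header.payload.signature"   // constructed sample, not a real JWT

    blacklist.blacklistToken(token, expiresAtEpochMillis = 5_000L)
    println("revoked token rejected: ${blacklist.isBlacklisted(token)}")
    println("other token rejected:   ${blacklist.isBlacklisted("other.jwt.value")}")

    clock = 6_000L                           // past the token's expiry
    println("after expiry rejected:  ${blacklist.isBlacklisted(token)}")
    println("entries left in memory: ${blacklist.size()}")
}
```

The same hash-as-key, expiry-as-TTL layout carries over to a shared store such as Redis, where the store's own key expiry replaces the cleanup pass.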