#am using { JwtService } from "@nestjs/jwt";
or i can create the following on :
private tokenBlacklist: Set<string> = new Set();
and add token to the blacklist ??
or await this.jwtService.signAsync({sub:decodedToken.sub,exp:0}) change the token exp ??
There's no way to invalidate a jwt once it is issued. You'll need to add it to a restrict list and verify if it is in the list on subsequent requests
usually you would issue short-lived access tokens and refresh tokens to get a new access token
you could store that refresh token in your database and match it against the one the user provides
that way if you wanted to remove someone you could add some logic on login/token refresh that would check if the user is disabled / black listed
obviously if someone were to be black listed they would have to wait until their access token expires 🙂
tho to be honest I'm not quite sure what your question is about logging out or blacklisting
if it is just logging out you just need to delete cookies related to the jwt (if there are) or clear local storage in the browser 🙂
I thought of that but I'm thinking to avoid storing them in the code and consuming more RAM on the server.
I'm also thinking about a better choice -> I will store in the db (users) the generated token with its exp data, so that each time the user sends an http req -> I get the token (extract id -> compare token -> finally give or not give access) 🙂
i would say destroy the cookie as a whole
rather than trying to modify the expire date
blacklisting it before you destroy it is a good thing to add on
thank u guys