Objective: Allow users to log out (sign out) of the application.
Sub-Tasks:
-
Invalidate JWT on Sign Out:
- Since JWTs are stateless, consider strategies for invalidating the token on logout, such as a token blacklist or short token lifespan with refresh tokens.
-
Create Sign Out API Endpoint (Optional):
- If implementing a token blacklist, develop an endpoint to add the user’s current token to this list upon logout.
-
Client-Side Token Deletion:
- Ensure the client application deletes the token upon user logout for security purposes.
US #1
Objective: Allow users to log out (sign out) of the application.
Sub-Tasks:
Invalidate JWT on Sign Out:
Create Sign Out API Endpoint (Optional):
Client-Side Token Deletion:
US #1