Django problem while creating logout using simple jwt

Hello everyone. I am working on a project using Django Rest Framework. I need to create login a sign up feature. I used SimpleJWT plugin for this. I used its predefined url endpoint to do login and get access token and refresh token. I created an APIView to do logout. In this APIView I am blacklisting the refresh token. At first it works without any error or exception. But was supposed to move the data from outstanding table to blacklisted table. But only an entry is created in the blacklisted table and the entry from the outstanding table is not deleted. Also, the previously generated access tokens was working. I cannot figure out what's wrong here. I need help in figuring out. I am using MongoDB and Djongo.

django authentication djangorestframwork simplejwt

25th Sep 2022, 9:24 PM

Shashank Shekhar

3 Answers

+ 1

Which means only refresh token is blacklisted. So basically, I understand the wrong earlier. But if I am getting you the right then, I must conclude that my login and logout is working fine and it's me who's expecting something that is not supposed to expect. So I think my problem is resolved now. Thank you Mustafa A

27th Sep 2022, 8:42 AM

Shashank Shekhar

1. It's not mentioned in the documentation that the entry in outstanding is deleted. It's stated that it will look in both outstanding and blacklisted to determine. They suggest creating a cron job to clean expired tokens from the tables. Seems like expected behaviour. 2. Blacklisting the refresh token won't disable the access token. It's expected behaviour. Access token is supposed to be short lived. It will die on it's own.

26th Sep 2022, 4:59 PM

Mustafa A