Laravel JWT Database Blacklist

A Laravel package to store JWT blacklisted tokens in the database instead of cache.

Built to work with tymondesigns/jwt-auth.

✨ Features

• 🛡️ Blacklist JWT tokens in a dedicated database table
• ⚡ Works with tymon/jwt-auth
• 🗄️ No cache needed
• ✅ Ready for production use

🚀 Installation

composer require kamoca/laravel-jwt-database-blacklist

⚙️ Setup

1. Publish migration

php artisan vendor:publish --tag=jwt-blacklist-migrations
php artisan migrate

This will create the jwt_blacklists table in your database.

1. Configure JWT

   2.1. Set storage

   In config/jwt.php, set the storage option:

   'storage' => Kamoca\JwtDatabaseBlacklist\Providers\Storage\Illuminate::class,
   

   2.2. Ensure blacklist is enabled

   In config/jwt.php, set the blacklist_enabled option:

   'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
   

   Then in your .env file:

   JWT_BLACKLIST_ENABLED=true
   

Now, when you invalidate a token, it will be stored in the database and blocked from reuse.

🔧 Usage

Example logout controller:

use Tymon\JWTAuth\Facades\JWTAuth;
use Auth;

public function logout()
{
    // These will store {"valid_until":...} in the `jwt_blacklists` table
    Auth::logout();
    auth()->logout();

    // These will store 'forever' in the `jwt_blacklists` table
    JWTAuth::invalidate(JWTAuth::getToken(), true);
}

Any request using the same token after invalidation will fail.

📝 License

Este projeto está licenciado sob a Licença MIT - veja o arquivo LICENSE para detalhes.

👨‍💻 Author

Kauan Morinel Calheiro

• 📧 Email: kauan.calheiro@universo.univates.br
• 🐙 GitHub: @KauanCalheiro