Search by 
kamoca / laravel-jwt-database-blacklist
JWT blacklist storage in database for tymon/jwt-auth
v1.0.0
2025-09-02 22:41 UTC
Requires
- php: ^8.0
- illuminate/database: ^9.0|^10.0|^11.0|^12.0
- illuminate/support: ^9.0|^10.0|^11.0|^12.0
- tymon/jwt-auth: ^2.2
README
A Laravel package to store JWT blacklisted tokens in the database instead of cache.
Built to work with tymondesigns/jwt-auth.
✨ Features
- 🛡️ Blacklist JWT tokens in a dedicated database table
- ⚡ Works with
tymon/jwt-auth - 🗄️ No cache needed
- ✅ Ready for production use
🚀 Installation
composer require kamoca/laravel-jwt-database-blacklist
⚙️ Setup
- Publish migration
php artisan vendor:publish --tag=jwt-blacklist-migrations php artisan migrate
This will create the jwt_blacklists table in your database.
-
Configure JWT
2.1. Set storage
In
config/jwt.php, set thestorageoption:'storage' => Kamoca\JwtDatabaseBlacklist\Providers\Storage\Illuminate::class,
2.2. Ensure blacklist is enabled
In
config/jwt.php, set theblacklist_enabledoption:'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
Then in your
.envfile:JWT_BLACKLIST_ENABLED=true
Now, when you invalidate a token, it will be stored in the database and blocked from reuse.
🔧 Usage
Example logout controller:
use Tymon\JWTAuth\Facades\JWTAuth; use Auth; public function logout() { // These will store {"valid_until":...} in the `jwt_blacklists` table Auth::logout(); auth()->logout(); // These will store 'forever' in the `jwt_blacklists` table JWTAuth::invalidate(JWTAuth::getToken(), true); }
Any request using the same token after invalidation will fail.
📝 License
Este projeto está licenciado sob a Licença MIT - veja o arquivo LICENSE para detalhes.
👨💻 Author
Kauan Morinel Calheiro
- 📧 Email: kauan.calheiro@universo.univates.br
- 🐙 GitHub: @KauanCalheiro