Access Token Blacklisting

Once this feature is enabled, each session verification attempt will result in a database call. This will make sure that if session revocation has taken place, access tokens on the front end will be stop working immediately.

caution

On enabling this feature there will be a database call for each session verification attempt. This may slow down all of your API calls.

You can enable this feature by setting the value in the core config:

With Docker
Without Docker

 docker run \
    -p 3567:3567 \
    -e ACCESS_TOKEN_BLACKLISTING=true \ 
    -d registry.supertokens.io/supertokens/supertokens-<db_name>

# You need to add the following to the config.yaml file.
# The file path can be found by running the "supertokens --help" command

access_token_blacklisting: true

important

Once updated, please make sure to restart the backend API layer which uses our backend SDK.
For managed service, this values can be updated by visiting our dashboard.

Auth Methods

Add ons

Access Token Blacklisting

caution

important