How can you securely invalidate a refresh token after logout in a NestJS app using a database?

hard📝 Application Q9 of 15
NestJS - Authentication
A. Delete or mark the refresh token as revoked in the database
B. Clear the access token from client localStorage
C. Change the user's password
D. Do nothing; tokens expire automatically
Step-by-Step Solution
Solution:
  1. Step 1: Understand token invalidation on logout

    Deleting the refresh token from the database, or marking it as revoked there, prevents it from being reused after logout.
  2. Step 2: Evaluate other options

    Clearing the access token on the client does not affect the refresh token; changing the password is unrelated; relying on expiry alone is insecure.
  3. Final Answer:

    Delete or mark the refresh token as revoked in the database -> Option A
  4. Quick Check:

    Logout token invalidation = revoke in DB [OK]
Quick Trick: Revoke refresh tokens in DB on logout [OK]
Common Mistakes:
  • Only clearing client tokens without server invalidation
  • Assuming password change invalidates tokens
  • Relying solely on token expiry
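
The server-side check behind option A, as an added example that is not part of the original quiz. It assumes opaque random refresh tokens, uses a `Map` as a stand-in for the database table, and all function and field names are hypothetical; in a NestJS app the three functions would live in an auth service backed by your ORM.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Hypothetical row shape for a refresh_tokens table.
interface RefreshTokenRow {
  userId: string;
  expiresAt: number;        // epoch milliseconds
  revokedAt: number | null; // null while the token is still usable
}

// In-memory stand-in for the database table, keyed by the token's SHA-256 hash.
// Storing only the hash means a leaked table does not expose usable tokens.
const refreshTokens = new Map<string, RefreshTokenRow>();

const hashToken = (token: string): string =>
  createHash("sha256").update(token).digest("hex");

// Login: create the token, persist its hash, return the raw value to the client once.
function issueRefreshToken(userId: string, ttlMs: number, now: number = Date.now()): string {
  const token = randomBytes(32).toString("hex");
  refreshTokens.set(hashToken(token), { userId, expiresAt: now + ttlMs, revokedAt: null });
  return token;
}

// Refresh endpoint: the token must be known, not revoked and not expired.
function validateRefreshToken(token: string, now: number = Date.now()): string | null {
  const row = refreshTokens.get(hashToken(token));
  if (!row || row.revokedAt !== null || row.expiresAt <= now) return null;
  return row.userId;
}

// Logout endpoint: mark the row revoked. Returns false if there was nothing to revoke.
function revokeOnLogout(token: string, now: number = Date.now()): boolean {
  const row = refreshTokens.get(hashToken(token));
  if (!row || row.revokedAt !== null) return false;
  row.revokedAt = now;
  return true;
}

// Constructed walk-through: the same token is accepted before logout and rejected after.
const sample = issueRefreshToken("user-42", 7 * 24 * 3600 * 1000);
console.log("before logout:", validateRefreshToken(sample)); // user id
revokeOnLogout(sample);
console.log("after logout:", validateRefreshToken(sample));  // null
```

Marking rows revoked instead of deleting them keeps a record of when each session ended, at the cost of a periodic cleanup of expired rows.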
