I am new in Laravel, I installed JWT and logged In , so It worked and generated a token, When I Logout in postman It returns true but again and again it returns true and

auth()->user()

always returns the user after logout

this is my code:

  public function login(Request $request)
  {

    $this->validateLogin($request);

    if (!$jwt_token = JWTAuth::attempt($request->toArray())) {
      return response()->json([
        'success' => false,
        'message' => 'Invalid national_id or Password',
      ], 401);
    }

    return response()->json(['success' => true, 'token' => $jwt_token,], 200);

  }

and in logout:

  public function logout(Request $request)
  {
    auth()->logout();
    return response()->json(['data' => 'you logged out successfully'],200)
  }

In routes:

Route::group(['prefix' => 'v1', 'namespace' => 'Api\v1'], function() {

  Route::post('login', 'Auth\LoginController@login');
});

    Route::group(['middleware' => ['auth:api', 'api'], 'prefix' => 'v1', 'namespace' => 'Api\v1'], function() {

    // Authentication Routes...
      Route::post('logout', 'Auth\LoginController@logout')->name('logout');
    .
    .
    .
    .
    .

I also used JWTAuth::invalidate($request->token); again it did not work.

JWT is stateless, so token will be valid until it expires(You set the expiration). Either remove the token from your front end, or make a black list where you always check if the requested token is valid and not black listed.

I found a method to do this in github

public function testUserLogoutBlacklistsToken()
{
    // Arrange
    $user = factory('App\Models\User')->create();
    $token = \Tymon\JWTAuth\Facades\JWTAuth::fromUser($user);
    $payload = \Tymon\JWTAuth\Facades\JWTAuth::getPayload($token);
    $headers = ['AUTHORIZATION' => 'Bearer ' . $token];

    // Assert
    $this->get('api/auth/logout', $headers)
         ->seeStatusCode(202)
         ->seeHeader('Authorization', '');

    // Verify on the back-end that the token is blacklisted
    $this->assertTrue(\Tymon\JWTAuth\Facades\JWTAuth::getBlacklist()->has($payload));
}

public function testAccessDeniedWithBlacklistedToken()
{
    // Arrange
    $user = factory('App\Models\User')->create();
    $token = \Tymon\JWTAuth\Facades\JWTAuth::fromUser($user);
    \Tymon\JWTAuth\Facades\JWTAuth::invalidate($token);

     // Sanity check that JWTAuth::invalidate worked
     $this->assertTrue(\Tymon\JWTAuth\Facades\JWTAuth::getBlacklist()->has($payload));

    // User data should not be returned and response should have HTTP 500
    $this->get('api/me', $headers)
         ->seeStatusCode(500);
}

i hope this will work for you

  public function logout(Request $request) 
    {
        // Get JWT Token from the request header key "Authorization"
        $token = $request->header("Authorization");
        // Invalidate the token
        try {
            JWTAuth::invalidate(JWTAuth::getToken());
            return response()->json([
                "status" => "success", 
                "message"=> "User successfully logged out."
            ]);
        } catch (JWTException $e) {
            // something went wrong whilst attempting to encode the token
            return response()->json([
            "status" => "error", 
            "message" => "Failed to logout, please try again."
            ], 500);
        }
    }