Logout — Close session
JWT is stateless. There is no logout endpoint in the Colurs API. Logging out is handled by deleting tokens on the client side.
Steps to log out
1. Remove the access token
Delete the access token from client-side storage (localStorage, memory, secure cookie, etc.).
2. Remove the refresh token
Delete the refresh token from local storage.
3. Redirect the user
Redirect the user to the login screen or login flow.
⚠️ JWT tokens remain technically valid until they expire even if you delete them from the client. The access token expires in 15 minutes; the refresh token has a lifetime of 10,000 days. If you need immediate invalidation of the refresh token, you must implement a token blacklist on the server.
For greater security, do not store the refresh token in localStorage. Prefer HttpOnly cookies with Secure and SameSite attributes.
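One way to build the server-side token blacklist mentioned in the warning above, as an added example that is not part of the Colurs API or its documentation. It assumes your server verifies the JWT signature first and that refresh tokens carry `jti` and `exp` claims; the class and function names are hypothetical.

```javascript
// Added example with hypothetical names: in-memory refresh-token denylist.
// Assumptions: the JWT signature was already verified, and refresh tokens
// carry `jti` (unique id) and `exp` (expiry, seconds since epoch) claims.
const REFRESH_LIFETIME_S = 10000 * 24 * 60 * 60; // 10,000 days
class RefreshDenylist {
  constructor() {
    this.revoked = new Map(); // jti -> exp of the revoked token
  }

  // Called by the server's logout handler.
  revoke(claims) {
    if (typeof claims.jti !== 'string' || typeof claims.exp !== 'number') {
      throw new TypeError('refresh token needs jti and exp claims');
    }
    this.revoked.set(claims.jti, claims.exp);
  }

  // Called before a refresh token is exchanged for a new access token.
  check(claims, nowS) {
    if (typeof claims.jti !== 'string' || typeof claims.exp !== 'number') return 'malformed';
    if (claims.exp <= nowS) return 'expired';
    return this.revoked.has(claims.jti) ? 'revoked' : 'ok';
  }

  // An entry may be dropped only once its token would be rejected as expired.
  purge(nowS) {
    let removed = 0;
    for (const [jti, exp] of this.revoked) {
      if (exp <= nowS) { this.revoked.delete(jti); removed += 1; }
    }
    return removed;
  }
}

// Constructed sample claims, not real tokens.
function demo() {
  const issuedAt = 1700000000;
  const alice = { sub: 'alice', jti: 'rt-001', exp: issuedAt + REFRESH_LIFETIME_S };
  const bob = { sub: 'bob', jti: 'rt-002', exp: issuedAt + REFRESH_LIFETIME_S };
  const list = new RefreshDenylist();
  const before = list.check(alice, issuedAt + 60);
  list.revoke(alice); // alice logs out
  const after = list.check(alice, issuedAt + 120);
  const other = list.check(bob, issuedAt + 120);
  const purgedEarly = list.purge(issuedAt + 365 * 86400); // entry must stay
  const purgedLate = list.purge(alice.exp); // token expired: safe to drop
  return { before, after, other, purgedEarly, purgedLate };
}
console.log(demo());
```

With a 10,000-day refresh token, revoked entries have to be kept that long, so a production denylist belongs in persistent storage rather than process memory. The access token is not covered by this check and still works for up to 15 minutes after logout.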