The JWT Revoker is a supporting service that provides a simple HTTP API for managing JWT token revocations using the KrakenD bloomfilter client. It connects to KrakenD’s bloomfilter RPC server to add and check JWT tokens against a revocation list.

Base URL

http://localhost:9000

How It Works

The JWT Revoker service:
  1. Connects to KrakenD’s bloomfilter RPC server (running on krakend:1234)
  2. Uses the jti (JWT ID) claim by default to identify tokens
  3. Stores revoked token identifiers in a bloomfilter data structure
  4. Provides HTTP endpoints to add tokens to the revocation list and check if tokens are revoked
When a JWT is revoked:
  • The service constructs a key: {claim_name}-{claim_value} (e.g., jti-abc123)
  • This key is added to the bloomfilter
  • KrakenD can check this bloomfilter to reject requests with revoked tokens
For more information about JWT revoking with KrakenD, see: https://www.krakend.io/docs/authorization/revoking-tokens/

Endpoints

Add Token to Revocation List

Add a JWT to the revocation list by submitting its jti claim value.
POST /add/

Form Parameters

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| jti | string | Yes | The JWT ID claim value to revoke |

Implementation Details

The endpoint (/images/jwt-revoker/main.go:28-34):
  1. Parses the form data to extract the claim value
  2. Constructs the subject key: jti-{value}
  3. Adds the key to the bloomfilter via RPC
  4. Redirects to the home page
http.HandleFunc("/add/", func(w http.ResponseWriter, r *http.Request) {
    r.ParseForm()
    subject := *key + "-" + r.FormValue(*key)
    c.Add([]byte(subject))
    log.Printf("adding [%s] %s", *key, subject)
    http.Redirect(w, r, "/", http.StatusFound)
})

Example Request

curl -X POST http://localhost:9000/add/ \
  -d "jti=a1b2c3d4-e5f6-7890-abcd-ef1234567890"
This will revoke the JWT with jti claim value a1b2c3d4-e5f6-7890-abcd-ef1234567890.

Response

Redirects to / with HTTP status 302 Found.

Check If Token Is Revoked

Check whether a JWT is currently revoked by querying its jti claim value.
POST /check/

Form Parameters

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| jti | string | Yes | The JWT ID claim value to check |

Implementation Details

The endpoint (/images/jwt-revoker/main.go:36-42):
  1. Parses the form data to extract the claim value
  2. Constructs the subject key: jti-{value}
  3. Checks the bloomfilter via RPC
  4. Returns true if revoked, false otherwise
http.HandleFunc("/check/", func(w http.ResponseWriter, r *http.Request) {
    r.ParseForm()
    subject := *key + "-" + r.FormValue(*key)
    res, _ := c.Check([]byte(subject))
    log.Printf("checking [%s] %s => %v", *key, subject, res)
    fmt.Fprintf(w, "%v", res)
})

Example Request

curl -X POST http://localhost:9000/check/ \
  -d "jti=a1b2c3d4-e5f6-7890-abcd-ef1234567890"

Response

Returns a boolean value as plain text:
true
if the token is revoked, or:
false
if the token is not revoked.
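
The /check/ handler shown above discards the error returned by c.Check, and when the form carries no jti value it still builds a lookup key (just jti-). The following is an added example, not the project's code: a stricter variant that answers 400 for a missing value and 502 when the lookup fails, so a failed call is not reported as a result. The checker interface, the fakeFilter stand-in and the post helper are assumptions introduced so the example runs without a KrakenD instance.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// checker is the one client call /check/ makes (assumed signature, taken from its use above).
type checker interface{ Check([]byte) (bool, error) }

// fakeFilter is a constructed stand-in for the RPC client; a nil map simulates a failed call.
type fakeFilter map[string]bool

func (f fakeFilter) Check(b []byte) (bool, error) {
	if f == nil {
		return false, errors.New("rpc unavailable")
	}
	return f[string(b)], nil
}

// checkHandler rejects a missing claim value and surfaces lookup errors instead of printing a result.
func checkHandler(c checker, key string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		v := r.PostFormValue(key)
		if v == "" { // without this check the lookup key would be just "jti-"
			http.Error(w, "missing "+key, http.StatusBadRequest)
			return
		}
		res, err := c.Check([]byte(key + "-" + v))
		if err != nil { // the caller must be able to tell "lookup failed" from a result
			http.Error(w, "bloomfilter unavailable", http.StatusBadGateway)
			return
		}
		fmt.Fprintf(w, "%v", res)
	}
}

// post submits a form body to h in-process and returns the status code and body.
func post(h http.Handler, form string) (int, string) {
	req := httptest.NewRequest(http.MethodPost, "/check/", strings.NewReader(form))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() { fmt.Println(post(checkHandler(fakeFilter{"jti-abc123": true}, "jti"), "jti=abc123")) }
```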

Configuration

The JWT Revoker service accepts the following command-line flags:
| Flag | Default | Description |
|------|---------|-------------|
| -server | krakend:1234 | IP:Port of the remote bloomfilter RPC server |
| -key | jti | The name of the JWT claim to inspect for revocations |
| -port | 8080 | Port to expose the HTTP service |
In the KrakenD Playground, the service runs on port 9000 and connects to the KrakenD bloomfilter on krakend:1234.

Web Interface

The service also provides a simple web interface at http://localhost:9000/ where you can:
  • Add tokens to the revocation list via a form
  • Check if tokens are revoked via a form
The interface is useful for manual testing and demonstration purposes.

Integration with KrakenD

To use the JWT Revoker with KrakenD:
  1. Configure KrakenD with the bloomfilter middleware
  2. Configure the bloomfilter to use RPC mode (listening on port 1234)
  3. Use the JWT Revoker service to add tokens to the revocation list
  4. KrakenD will automatically reject requests with revoked JWTs
See the KrakenD documentation for detailed bloomfilter configuration: https://www.krakend.io/docs/authorization/revoking-tokens/
