1. HelpDesk
  2. Developer FAQ

Will a 'logout' call invalidate a DID token?

Calling a <logout> function does not invalidate a DID token. A DID token is just proof that a user was authenticated, and each DID token has an expiration of 15 minutes by default.

The only way for a once-valid DID token to be invalidated is for it to expire. That's why it's best to create short-lasting DID tokens when the user is logged in and re-generate them as needed (if needed) by your application. (see https://magic.link/docs/introduction/decentralized-id for more information on customizing DID Tokens)