
How to invalidate all tokens for a user in Laravel Passport?

In our app, when a user logs out, we invalidate the access token for that particular device this way.

    $user = $request->user();
    $value = $request->bearerToken();
    $id = (new Parser())->parse($value)->getHeader('jti');
    $token = $user->tokens->find($id);
    $token->revoke();

But when a user deactivates his/her account, we would like to invalidate all the access tokens from all the devices the user is logged in on. I looked through the document but did not find anything useful. Thanks

asked Mar 17 '17 07:03

Sayantan Das



2 Answers

Take a look at the HasApiTokens trait provided by Passport. The documentation recommends adding this trait to your User model. One of the methods it provides is tokens(), which defines a hasMany relationship between Laravel\Passport\Token and models using the trait. You can use this to retrieve a list of all of the tokens for a given user:

    $userTokens = $userInstance->tokens;

The token model itself has a revoke method:

    foreach ($userTokens as $token) {
        $token->revoke();
    }

answered Sep 20 '22 07:09

Jeff Lambert


This worked for ME:

    use Laravel\Passport\Token;

    Token::where('user_id', $user->id)
        ->update(['revoked' => true]);

answered Sep 23 '22 07:09

Ray Zion
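
Building on the two answers above, an added example (not code from either answer or from Passport itself) that also revokes the user's refresh tokens, which Passport stores in a separate table and which are not touched when only the access token rows are revoked. It assumes Passport's default table names `oauth_access_tokens` and `oauth_refresh_tokens`; the function name `revokeAllTokensForUser` is hypothetical.

```php
<?php

use Illuminate\Support\Facades\DB;
use Laravel\Passport\Token;

/**
 * Revoke every access token and refresh token issued to one user.
 * Hypothetical helper for an account-deactivation flow; assumes Passport's
 * default table names (oauth_access_tokens, oauth_refresh_tokens).
 *
 * @param  int|string  $userId
 * @return int  number of access tokens that were still active and are now revoked
 */
function revokeAllTokensForUser($userId): int
{
    // One transaction, so a failure cannot leave refresh tokens live
    // while the access tokens are already revoked (or the reverse).
    return DB::transaction(function () use ($userId) {
        // Refresh tokens reference their access token via access_token_id.
        // The subquery deliberately includes access tokens that were already
        // revoked (for example by an earlier logout), because their refresh
        // tokens may still be usable to mint a new access token.
        DB::table('oauth_refresh_tokens')
            ->whereIn('access_token_id', function ($query) use ($userId) {
                $query->select('id')
                    ->from('oauth_access_tokens')
                    ->where('user_id', $userId);
            })
            ->update(['revoked' => true]);

        // Bulk-revoke the access tokens in a single UPDATE instead of
        // loading and saving each Token model.
        return Token::where('user_id', $userId)
            ->where('revoked', false)
            ->update(['revoked' => true]);
    });
}

// Usage inside the deactivation handler:
// $revoked = revokeAllTokensForUser($request->user()->id);
```

A bulk `update()` does not fire Eloquent model events, so any listener that depends on per-token events needs the `foreach` / `$token->revoke()` form instead.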