
How to log out a user from API using Laravel Passport

I'm currently using 2 projects. 1 front end (with Laravel backend to communicate with API) and another Laravel project (the API).

Now I use Laravel Passport to authenticate users and to make sure every API call is an authorized call.

Now when I want to log out my user, I send a post request to my API (with Bearer token) and try to log him out of the API (and clear session, cookies,...)

Then on the client I also refresh my session so the token is no longer known. Now when I go back to the login page, it automatically logs in my user. (Or my user is just still logged in).

Can someone explain to me how to properly log out a user with Laravel Passport?

Thanks in advance.

Joren vh asked Apr 10 '17 08:04




2 Answers

Make sure that in the User model, you have this imported

    use Laravel\Passport\HasApiTokens;

and you're using the trait HasApiTokens in the User model class using

    use HasApiTokens;

inside the user class. Now you create the log out route and in the controller, do this

    // Revoke the access token that authenticated this request
    $token = Auth::user()->token();
    $token->revoke();
    return 'logged out'; // modify as per your need

This will log the user out from the current device where he requested to log out. If you want to log out from all the devices where he's logged in, then do this instead

    $user = Auth::user();
    $tokens = $user->tokens->pluck('id');
    // Revoke every access token issued to the user
    Token::whereIn('id', $tokens)
        ->update(['revoked' => true]);
    // Revoke the refresh tokens tied to those access tokens
    RefreshToken::whereIn('access_token_id', $tokens)->update(['revoked' => true]);

Make sure to import these two at the top

    use Laravel\Passport\RefreshToken;
    use Laravel\Passport\Token;

This will revoke all the access and refresh tokens issued to that user. This will log the user out from everywhere. This really comes in handy when the user changes his password using the reset password or forgot password option and you have to log the user out from everywhere.

Koushik Das answered Oct 08 '22 09:10
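The two revocation paths from the answer above, put together as an added example (not code from the original answers). It also revokes the refresh token on a single-device logout, since a refresh token left valid can be exchanged for a new access token. It assumes Passport is installed, the User model uses HasApiTokens, and the api guard uses the passport driver; the controller name, method names and route paths are hypothetical.

```php
<?php
// Added example. Controller name, method names and route paths are hypothetical.
// Assumes Laravel with Passport and the HasApiTokens trait on the User model.

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Laravel\Passport\RefreshToken;
use Laravel\Passport\Token;

class ApiLogoutController extends Controller
{
    // Log out only the device that sent this request.
    public function logout(Request $request)
    {
        // Access token that was presented in the Bearer header
        $token = $request->user()->token();

        // Revoke the refresh token tied to it as well, otherwise the client
        // can trade it for a fresh access token after "logging out".
        RefreshToken::where('access_token_id', $token->id)->update(['revoked' => true]);
        $token->revoke();

        return response()->json(['message' => 'logged out']);
    }

    // Log out every device, e.g. after a password change.
    public function logoutEverywhere(Request $request)
    {
        $ids = $request->user()->tokens()->pluck('id');

        RefreshToken::whereIn('access_token_id', $ids)->update(['revoked' => true]);
        Token::whereIn('id', $ids)->update(['revoked' => true]);

        return response()->json(['message' => 'logged out everywhere']);
    }
}

// The lines below belong in routes/api.php (a separate file). The auth:api
// middleware is what resolves the Bearer token to a user for the controller.
Route::middleware('auth:api')->group(function () {
    Route::post('logout', [ApiLogoutController::class, 'logout']);
    Route::post('logout-all', [ApiLogoutController::class, 'logoutEverywhere']);
});
```

The client still has to discard its stored copy of the token; revocation only makes the API reject it.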


You need to delete the token from the database table oauth_access_tokens. You can do that by creating a new model like OauthAccessToken.

  1. Run the command php artisan make:model OauthAccessToken to create the model.

  2. Then create a relation between the User model and the newly created OauthAccessToken model. In User.php add:

        // Access tokens stored for this user in oauth_access_tokens
        public function AauthAcessToken()
        {
            return $this->hasMany('\App\OauthAccessToken');
        }

  3. In UserController.php, create a new function for logout:

        public function logoutApi()
        {
            if (Auth::check()) {
                // Delete every access token row belonging to the user
                Auth::user()->AauthAcessToken()->delete();
            }
        }

  4. In the api.php router, create a new route:

        Route::post('logout','UserController@logoutApi');

  5. Now you can log out by posting to the URL /api/logout

Mahdi answered Oct 08 '22 09:10