Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it possible to avoid huge number of access tokens in database?

Tags:

laravel

laravel-passport

I've built a RESTful API with a Laravel Passport project.
It's using the Client Credentials Grant to authorize my third party project.
The problem is that for each api call from the third party application it generates a new access token.
By the end of the day, if i had 999 calls i will have also 999 new records in the oauth_access_tokens database table.
It's possible to avoid huge number of access tokens in database?

Maybe in League\OAuth2\Server\Grant\ClientCredentialsGrant.php:

public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseTypeInterface $responseType, \DateInterval $accessTokenTTL) {
    $client = $this->validateClient($request);
    $scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
    $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client);
    // $validToken = query to check if $client has existing token neither revoked or expired
    // if ($validToken) { 
    //     return $responseType->setAccessToken($validToken);
    // }
    $accessToken = $this->issueAccessToken($accessTokenTTL, $client, null, $scopes);
    $responseType->setAccessToken($accessToken);
    return $responseType;
}
like image 270
Ricardo Carvalho Avatar asked Jan 04 '23 06:01

Ricardo Carvalho

1 Answers

Solution
Set a listener to the event generated by Passport when a access token is created.

app/Providers/eventServiceProvider.php:

namespace App\Providers;

use Illuminate\Support\Facades\Event;
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;

class EventServiceProvider extends ServiceProvider {
    protected $listen = [
        'Laravel\Passport\Events\AccessTokenCreated' => [
            'App\Listeners\RevokeOldTokens'
        ]
    ];
    public function boot() {
        parent::boot();
    }
}

app/Listeners/RevokeOldTokens.php:

<?php

namespace App\Listeners;

use Laravel\Passport\Events\AccessTokenCreated;
use Laravel\Passport\Client;
use Carbon\Carbon;

class RevokeOldTokens {
    public function __construct() {
        //
    }
    public function handle(AccessTokenCreated $event) {
        $client = Client::find($event->clientId);
        // delete this client tokens created before one day ago:
        $client->tokens()->where('created_at', '<', Carbon::now()->subDay())->forceDelete();
    }
}
like image 153
Ricardo Carvalho Avatar answered Jan 13 '23 17:01

Ricardo Carvalho
Sign in to Comment

Related questions

Laravel 5 - Get newly inserted id in transaction?
Eloquent Query Scope return Builder instead of Model when using phpunit
Laravel 5 Hasmanythrough inverse querying
Multiple Authentication in Laravel 5.3
Laravel 5.2 - Login with only Email
Php : Laravel - Array push after using eloquent pluck method
No such plan: monthly; one exists with a name of monthly, but its ID is primary Laravel Cashier
Run Raw Query using mongoDB Jenssegers Laravel
How Laravel's container binding mechanisms differ?
Laravel collection return collection with only field
File upload with Laravel through REST
Laravel 5.4 Markdown email character issue
Increase X-RateLimit-Limit in laravel using throttle middleware
Laravel Migration Error : Syntax error or access violation: 1071 Specified key was too long; max key length is 767 bytes laravel 5.3
How to remove LARAVEL from branding and use own branding in Laravel 5
Laravel Join returns duplicates data
Calling a custom Artisan command in a Controller | Laravel
Foreach in Yajra DataTable Laravel
Sending POST request with Guzzle in Laravel
ErrorException in Filesystem.php - Permission denied

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!