 

Using Laravel 8 with Sanctum hasapitokens to login with a remember me option

So I'm building a SPA with Vue 3, Laravel 8 and using sanctum (hasapitokens) to handle the user login, and I could not find the duration of the session that the token is valid, as I wanted to use this in combination with a remember me option when a user signs in. Is this possible, or is the use of these tokens a bad example to handle the authentication of users?

user759235 asked Oct 27 '25 01:10


1 Answer

It's usually done via cookies, but when dealing with sanctum authentication, it's a little tricky.

I thought, why don't I just make the sanctum token expiration date longer when login happens with the "remember me" option? But apparently you can't make different tokens with different expiration dates with sanctum, so here is an alternative.


A. With sanctum token's abilities:

When creating the user's token, add to the abilities list a "remember" ability.

$user->createToken('auth_token_name', ['remember']);

Then in the App/Providers/AppServiceProvider.php file in the boot() method add

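use Laravel\Sanctum\PersonalAccessToken;
use Laravel\Sanctum\Sanctum;

// In boot(): keep tokens Sanctum already accepts, else allow "remember" tokens up to 5 years old.
Sanctum::authenticateAccessTokensUsing(function (PersonalAccessToken $token, $isValid) {
    if ($isValid) return true;
    return $token->can('remember') && $token->created_at->gt(now()->subYears(5));
});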

Usually the expiration duration of Laravel "remember cookie" is five years. Here you are free to change this to any duration.


B. Add an expiration column to the tokens table (TL;DR)

I haven't tested this one myself because it's a long way, but it should offer you an alternative in case you don't want to mess with the token's abilities. First, you need to modify the sanctum migration to include an expiration column (as in here). Then you need to override the PersonalAccessToken Model (as in here) to have in the fillable property the expiration column. Then you can add to the boot() method in the AppServiceProvider

Sanctum::authenticateAccessTokensUsing(function (PersonalAccessToken $token, $isValid) {
    return $isValid ?: $token->expiration->gt(now());
});

The only problem is that you need to set the expiration date, so either fetch the newly created token from the database and modify that, or override the HasApiTokens::createToken function in the User model to use an expiration parameter.

Chase Codex answered Oct 31 '25 05:10
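
Approach A wired end to end, as an added example that is not part of the original answer: it assumes Sanctum 2.x on Laravel 8, `'expiration' => 120` in config/sanctum.php, a 30-day remember window, and a hypothetical `/login` route and `api` ability. It matches the `remember` ability exactly, because `can()` also returns true for the `*` wildcard that `createToken()` grants by default, which would turn every default token into a "remember" token.

```php
<?php
// --- app/Providers/AppServiceProvider.php ---------------------------------
namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Laravel\Sanctum\PersonalAccessToken;
use Laravel\Sanctum\Sanctum;

class AppServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // Assumes 'expiration' => 120 (minutes) in config/sanctum.php. With the
        // default null, tokens never expire by age and this callback changes nothing.
        Sanctum::authenticateAccessTokensUsing(function (PersonalAccessToken $token, $isValid) {
            if ($isValid) {
                return true; // still inside the short configured lifetime
            }
            // Exact match instead of can(): can() also accepts the '*' wildcard.
            return in_array('remember', $token->abilities ?? [], true)
                && $token->created_at->gt(now()->subDays(30)); // assumed window
        });
    }
}

// --- routes/api.php (hypothetical login route) -----------------------------
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

Route::post('/login', function (Request $request) {
    $data = $request->validate([
        'email' => 'required|email',
        'password' => 'required|string',
        'remember' => 'sometimes|boolean',
    ]);
    $user = User::where('email', $data['email'])->first();
    if (! $user || ! Hash::check($data['password'], $user->password)) {
        return response()->json(['message' => 'Invalid credentials'], 401);
    }
    // Never fall back to the default ['*'] abilities for the short-lived token.
    $abilities = ($data['remember'] ?? false) ? ['api', 'remember'] : ['api'];
    return ['token' => $user->createToken('spa-login', $abilities)->plainTextToken];
});
```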


