How to logout a user from API using laravel Passport
I\'m currently using 2 projects. 1 front end (with laravel backend to communicate with API) and another laravel project (the API).
Now I use Laravel Passport to auth
-
You need to delete the token from the database table
oauth_access_tokensyou can do that by creating a new model likeOauthAccessTokenRun the command
php artisan make:model OauthAccessTokento create the model.Then create a relation between the
Usermodel and the new createdOauthAccessTokenModel , inUser.phpadd :public function AauthAcessToken(){ return $this->hasMany('\App\OauthAccessToken'); }in UserController.php , create a new function for logout:
public function logoutApi() { if (Auth::check()) { Auth::user()->AauthAcessToken()->delete(); } }In api.php router , create new route :
Route::post('logout','UserController@logoutApi');- Now you can logout by calling posting to URL
/api/logout
讨论(0) -
Below is the simplest way I found to do it.
1. USE database SESSION INSTEAD OF file SESSION
Official documention
php artisan session:table php artisan migrateReplace
SESSION_DRIVER=filebySESSION_DRIVER=databasein your.envfile.2. DELETE USER SESSION RIGHT AFTER LOGIN
After a user is redirected to your frontend and logs in to finally get a token, you probably call a route in
api/routes.phpto get the user information, that's where I'm closing the user backend session before sending back user information to the frontend:Route::middleware('auth:api')->get('/user', function (Request $request) { // Close user session here Illuminate\Support\Facades\DB::table('sessions') ->whereUserId($request->user()->id) ->delete(); return $request->user(); });3. REVOKE TOKENS AT LOGOUT
Then, to "log out" (actually, revoke tokens) the user from the frontend, you just need to call another route to revoke the
tokenandrefresh_token:Route::middleware('auth:api')->post('/logout', function (Request $request) { // Revoke access token // => Set oauth_access_tokens.revoked to TRUE (t) $request->user()->token()->revoke(); // Revoke all of the token's refresh tokens // => Set oauth_refresh_tokens.revoked to TRUE (t) $refreshTokenRepository = app('Laravel\Passport\RefreshTokenRepository'); $refreshTokenRepository->revokeRefreshTokensByAccessTokenId($request->user()->token()->id); return; });You may prefer to put these two closures in the
UserController.讨论(0) -
Make sure that in
Usermodel, you have this importeduse Laravel\Passport\HasApiTokens;and you're using the trait
HasApiTokensusinguse HasApiTokensinside the user class. Now you create the log out route and in the controller, do this
$user = Auth::user()->token(); $user->revoke(); return 'logged out'; // modify as per your needThis will log the user out from the current device where he requested to log out. If you want to log out from all the devices where he's logged in. Then do this instead
DB::table('oauth_access_tokens') ->where('user_id', Auth::user()->id) ->update([ 'revoked' => true ]);This will log the user out from everywhere. This really comes into help when the user changes his password using reset password or forget password option and you have to log the user out from everywhere.
讨论(0) -
Hope help someone:
if (Auth::check()) { $request->user()->tokens->each(function ($token, $key) { $token->delete(); }); }Good Luck.
讨论(0) -
This is sample code i'm used for log out
public function logout(Request $request) { $request->user()->token()->revoke(); return response()->json([ 'message' => 'Successfully logged out' ]); }讨论(0) -
I am using Laravel 6.12.0, below function is working for me.
public function logout(Request $request){ $accessToken = Auth::user()->token(); $token= $request->user()->tokens->find($accessToken); $token->revoke(); $response=array(); $response['status']=1; $response['statuscode']=200; $response['msg']="Successfully logout"; return response()->json($response)->header('Content-Type', 'application/json'); }讨论(0)
加载中...
- 热议问题