Laravel Passport token lifetime

*爱你&永不变心* submitted on 2019-11-30 23:22:43

Question


I don't get what I'm doing wrong. I can't set token expiration time.

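<?php

namespace App\Providers;

use Carbon\Carbon;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Laravel\Passport\Passport;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        Passport::tokensExpireIn(Carbon::now()->addDays(1));
        Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
    }
}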

BUT when I call $user->createToken(), for example like this:

<?php
// as a demo
namespace App\Http\Middleware;

use App\User;
use Closure;

class ParseSpecialToken
{
    public function handle($request, Closure $next)
    {
        $user = User::find(1);
        $accessToken = $user->createToken('Some token')->accessToken;
        $request->headers->add(['Authorization' => 'Bearer ' . $accessToken]);

        return $next($request);
    }
}

Token expiration is still 1 year, not 1 day. Why? How to change exp time?


Answer 1:


Here are the methods used to update the expiration time for all the grant types:

Personal access token:

public function boot()
{
    $this->registerPolicies();

    Passport::routes();
    Passport::personalAccessTokensExpireIn(Carbon::now()->addHours(24));
    Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
}

All the rest:

public function boot()
{
    $this->registerPolicies();

    Passport::routes();
    Passport::tokensExpireIn(Carbon::now()->addHours(24));
    Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
}

Just update the above code in the boot method of AuthServiceProvider.




Answer 2:


The createToken() method creates a Personal Access Token. By default, these tokens expire after 1 year (or 100 years, if created by laravel/passport <= 1.0.11). The expiration time for this type of token is not modified by the Passport::tokensExpireIn() or Passport::refreshTokensExpireIn() methods.

laravel/passport >= 7.0.4

Passport version 7.0.4 added a new method Passport::personalAccessTokensExpireIn() that allows you to update the expiration time for personal access tokens. If you are on this version or later, you can add this method call to your AuthServiceProvider::boot() method.

Passport::personalAccessTokensExpireIn(Carbon::now()->addDays(1));

laravel/passport < 7.0.4

If you are not yet on passport version 7.0.4, you can still modify the personal access token expiration time, but it is more manual. You will need to enable a new instance of the personal access grant with your desired expiration time. This can also be done in your AuthServiceProvider::boot() method.

$server = $this->app->make(\League\OAuth2\Server\AuthorizationServer::class);
$server->enableGrantType(new \Laravel\Passport\Bridge\PersonalAccessGrant(), new \DateInterval('P100Y'));

Note

Modifying the expires_at field in the database will not do anything. The real expiration date is stored inside the token itself. Also, attempting to modify the exp claim inside the JWT token will not work, since the token is signed and any modification to it will invalidate it. So, all your existing tokens will have their original expiration times, and there is no way to change that. If needed, you will need to regenerate new tokens.
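
The note in Answer 2, shown as an added example that is not part of the original answers or of Passport's own code: a constructed RS256-signed token has its exp claim rewritten, and the signature check then fails. The helper names, the throwaway key pair and the claims are assumptions made for the illustration; it needs PHP's openssl extension.

```php
<?php
// Added example, not Passport code. Key pair, claims and helper names are
// constructed for illustration only.

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $txt): string
{
    return base64_decode(strtr($txt, '-_', '+/'));
}

function signJwt(array $claims, $privateKey): string
{
    $input = b64url(json_encode(['typ' => 'JWT', 'alg' => 'RS256']))
        . '.' . b64url(json_encode($claims));
    openssl_sign($input, $sig, $privateKey, OPENSSL_ALGO_SHA256);
    return $input . '.' . b64url($sig);
}

function verifyJwt(string $jwt, $publicKey): bool
{
    [$header, $payload, $sig] = explode('.', $jwt);
    $ok = openssl_verify("$header.$payload", b64urlDecode($sig), $publicKey, OPENSSL_ALGO_SHA256);
    return $ok === 1;
}

function claims(string $jwt): array
{
    return json_decode(b64urlDecode(explode('.', $jwt)[1]), true);
}

// Throwaway key pair standing in for the server's signing keys.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];

$now = time();
$jwt = signJwt(['sub' => '1', 'iat' => $now, 'exp' => $now + 365 * 86400], $key);

// Rewrite exp to one day while reusing the original signature.
[$h, , $s] = explode('.', $jwt);
$edited = $h . '.' . b64url(json_encode(['exp' => $now + 86400] + claims($jwt))) . '.' . $s;

foreach (['original' => $jwt, 'edited' => $edited] as $label => $token) {
    printf("%-8s exp in %3d days, signature valid: %s\n", $label,
        intdiv(claims($token)['exp'] - $now, 86400), verifyJwt($token, $pub) ? 'yes' : 'no');
}
```

Decoding the payload of a freshly issued token the same way is a quick check that a lifetime configured in AuthServiceProvider::boot() actually took effect.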




Answer 3:


The Passport docs seem to answer this question

https://laravel.com/docs/5.6/passport#token-lifetimes

In the boot method of AuthServiceProvider call Passport::tokensExpireIn()

public function boot()
{
    $this->registerPolicies();

    Passport::routes();

    Passport::tokensExpireIn(now()->addDays(15));

    Passport::refreshTokensExpireIn(now()->addDays(30));
}



Answer 4:


Ah, figured out the personal tokens are always long-lived and this cannot be configured :(




Answer 5:


If you do

$token->expires_at =
        Carbon::now()->addDays(env('PERSONAL_ACCESS_TOKEN_EXPIRY__DAYS'));

then the expiration date is not checked at any request, so I think it's not a valid option for personal tokens.




Answer 6:


Please see this implementation, and here is how to replace PassportServiceProvider with yours. It worked for me with Laravel 5.5.




Answer 7:


Yes, I just wasted one day to find this problem in VERSION = '5.8'.

For now, maybe we need to modify your-project/vendor/laravel/passport/src/Passport.php.

Change this: new DateInterval('P1Y'). It is a PHP function that represents a date interval.

D means day, Y means year, M means month.

There are three types of token in Passport:

1. tokensExpireIn at line 303.

2. personalAccessTokensExpireIn at line 341.

3. refreshTokensExpireIn at line 322.




Answer 8:


You can do this:

$tokenResult = $user->createToken('Personal Access Token');
$token = $tokenResult->token;
$token->expires_at =
        Carbon::now()->addDays(env('PERSONAL_ACCESS_TOKEN_EXPIRY__DAYS'));

$token->save();



Answer 9:


File: AuthServiceProvider.php

Add these lines

use Laravel\Passport\Bridge\PersonalAccessGrant;
use League\OAuth2\Server\AuthorizationServer;

Add the following code in boot function

public function boot()
{
    Passport::routes();
    $lifetime = new \DateInterval('PT24H'); // 24 hours

    $this->app->get(AuthorizationServer::class)->enableGrantType(new PersonalAccessGrant(), $lifetime);
}


Source: https://stackoverflow.com/questions/42609436/laravel-passport-token-lifetime
