I am using Laravel 5.5 with Passport authentication for API routes. I am using a bearer token. The problem is that the old generated token is accepted instead of being rejected as unauthenticated. Steps:

  • create one bearer token. Use it. It is working fine.
  • create another token without logout and it is working fine.
  • now if I use the first created token it is also working. It should not be working but it is accepted.

Is there any way by which I can achieve this? Thanks in advance.

1 Answer

One possible solution is: before creating a new token, check whether an old one exists and delete it. To do this:

Create a Model named OauthAccessToken

Update your User model as follows

/**
 * 1:n relation to access tokens; we need it to log users out
 *
 * @return \Illuminate\Database\Eloquent\Relations\HasMany
 */
public function accessTokens()
{
    // Eloquent maps the OauthAccessToken model to the oauth_access_tokens table
    return $this->hasMany(OauthAccessToken::class);
}

Now you can check with this and delete all tokens of a user

if ($user->accessTokens->count() > 0) {
    $user->accessTokens()->delete();
}
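The same single-active-token behaviour can be obtained with the relationship Passport's `HasApiTokens` trait already gives the `User` model, without a custom `OauthAccessToken` model. The following is an added example, not code from the question or the answer: it revokes every token the user still holds before issuing a new one, so an earlier bearer token is rejected on the next request. It assumes Laravel 5.5 with Passport installed and the default `oauth_access_tokens` table; the controller and route names are hypothetical.

```php
<?php
// Added example: issue a new Passport token only after revoking the user's
// existing ones. Assumes Laravel 5.5 + Passport; names below are hypothetical.

namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class TokenController extends Controller
{
    /**
     * Verify credentials, revoke all previously issued tokens for this user,
     * then return a fresh bearer token. Register e.g. as POST /api/login.
     */
    public function login(Request $request)
    {
        $request->validate([
            'email'    => 'required|email',
            'password' => 'required|string',
        ]);

        $user = User::where('email', $request->input('email'))->first();

        // Same response for unknown user and wrong password: no account enumeration.
        if ($user === null || !Hash::check($request->input('password'), $user->password)) {
            return response()->json(['error' => 'invalid credentials'], 401);
        }

        // tokens() is provided by Laravel\Passport\HasApiTokens. Passport's guard
        // rejects any token whose `revoked` flag is set, so flagging instead of
        // deleting keeps a record of the old tokens for later investigation.
        $user->tokens()->where('revoked', false)->update(['revoked' => true]);

        $token = $user->createToken('api')->accessToken;

        return response()->json([
            'token_type'   => 'Bearer',
            'access_token' => $token,
        ]);
    }
}
```

If you prefer the hard delete from the answer above, `$user->tokens()->delete();` works in place of the `update()` call.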