I have a main project and a client project. The client project uses authorization of the main project through Laravel Passport. Login works fine, but when I try to log out using $request->user()->token()->revoke(); the client project redirects the user back to the main project for authorization, but for some reason, instead of asking for login, the main project simply issues a new token and redirects the user back to the client project. I think the problem is that my login routes and the routes that return the SPA application are placed in web, while all other routes are placed in api, but I can't understand how to fix this. Also, I'm using \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class in web (as I understand, it allows me not to send a bearer token in every request). What should I do to make logout work properly?
My login and application routes (placed in web):

    Route::get('/authorization{any}', 'SpaController@auth')->where('any', '^.*$');
    Route::get('/{any}', 'SpaController@main')->where('any', '^(?!api)(?!logout)(?!storage).*$')->middleware('auth');
    Route::get('logout', 'AuthController@logout')->middleware('auth');
    Route::post('login', 'AuthController@login');
Authorization controller:

    public function login(Login $request)
    {
        if (config('recaptcha.enabled') && !$this->checkRecaptcha($request['recaptchaToken'], $request->ip())) {
            return 'Captcha error';
        }
        $credentials = request(['email', 'password']);
        if(!Auth::attempt($credentials))
            return response()->json([
                'message' => 'Unauthorized'
            ], 401);
        $user = $request->user();
        $tokenResult = $user->createToken('Personal Access Token');
        $token = $tokenResult->token;
        if ($request->remember_me)
            $token->expires_at = Carbon::now()->addWeeks(1);
        $token->save();
        return (['redirect' => redirect()->intended('/')->getTargetUrl()]);
    }
Logout route (placed in api):

    Route::middleware(['auth:api','request.log'])->get('/logout', function (Request $request) {
        $request->user()->token()->revoke();
    });
oauth_access_token table is same for both main and client? – void
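Revoking a Passport access token only marks its row as revoked; it does not end the session-guard login that `Auth::attempt()` created on the main project, so the authorization redirect still finds an authenticated user. The following is an added example, not code from the question or from Passport: a sketch of an `AuthController@logout` for the main project that clears all three pieces of state. It assumes the route sits in the `web` middleware group (so a session exists), that the user model uses `HasApiTokens`, and that revoking every token of the user is acceptable.

```php
<?php
// Added example (not the poster's code). Assumed route on the MAIN project, web group:
//   Route::post('logout', 'AuthController@logout')->middleware('auth');
// POST is an assumption here so that the CSRF middleware covers the logout request.

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cookie;
use Laravel\Passport\Passport;
use Laravel\Passport\RefreshTokenRepository;

class AuthController extends Controller
{
    public function logout(Request $request, RefreshTokenRepository $refreshTokens)
    {
        $user = $request->user();

        // 1. Revoke every still-valid access token of this user, plus the
        //    refresh tokens bound to it, so none of them can be reused.
        foreach ($user->tokens()->where('revoked', false)->get() as $token) {
            $token->revoke();
            $refreshTokens->revokeRefreshTokensByAccessTokenId($token->id);
        }

        // 2. End the session login on the main project. Without this step the
        //    authorization redirect sees a logged-in user and never shows
        //    the login form.
        Auth::guard('web')->logout();
        $request->session()->invalidate();      // drop session data and ID
        $request->session()->regenerateToken(); // new CSRF token

        // 3. Expire the cookie that CreateFreshApiToken attaches to web
        //    responses (its name comes from Passport::cookie()).
        return redirect('/')
            ->withCookie(Cookie::forget(Passport::cookie()));
    }
}
```

The client project still has to clear its own session and stored token when it logs the user out; this method only covers state held by the main project.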