laravel, api, oauth-2.0, laravel-passport

Laravel passport Authorization token expire on generating new token


I am using Laravel 5.5 with Passport authentication for API routes. I am using a bearer token. The problem is that the old generated token is accepted instead of being treated as unauthenticated. Steps:

  • Create one bearer token. Use it. It is working fine.
  • Create another token without logging out, and it is working fine.
  • Now if I use the first created token, it is also working. It should not be working, but it is accepted.

Is there any way I can achieve this? Thanks in advance.


Solution

  • One possible solution is: before creating a new token, check whether an old one exists and delete it. To do this:

    Create a model named OauthAccessToken

    Update your User model with the following

    /**
     * 1:n to access tokens, we need this to log out users
     *
     * @return \Illuminate\Database\Eloquent\Relations\HasMany
     */
    public function accessTokens()
    {
        return $this->hasMany(OauthAccessToken::class);
    }
    

    Now you can check with this and delete all tokens from a user

    if ($user->accessTokens->count() > 0) {
        $user->accessTokens()->delete();
    }
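
The steps above put together, as an added example that is not part of the original answer: the `OauthAccessToken` model mapped to Passport's `oauth_access_tokens` table, and a token-issuing endpoint that removes a user's existing tokens before creating the new one. The controller name, method name, request fields and the token name `api` are assumptions; it also assumes the User model uses Passport's `HasApiTokens` trait plus the `accessTokens()` relation shown above, and that a personal access client exists (`php artisan passport:install`).

```php
<?php
// Added example. Hypothetical names: ApiLoginController, issueToken, token name "api".

namespace App {
    use Illuminate\Database\Eloquent\Model;

    // Eloquent model over Passport's token table, so User::accessTokens() resolves.
    class OauthAccessToken extends Model
    {
        protected $table = 'oauth_access_tokens';
        public $incrementing = false;   // Passport token ids are strings, not auto-increment
        protected $keyType = 'string';
    }
}

namespace App\Http\Controllers {
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\DB;

    class ApiLoginController extends Controller
    {
        public function issueToken(Request $request)
        {
            $credentials = $request->validate([
                'email'    => 'required|email',
                'password' => 'required|string',
            ]);

            // Verify the credentials for this request only (no session is created).
            if (! Auth::once($credentials)) {
                return response()->json(['error' => 'Unauthenticated.'], 401);
            }
            $user = Auth::user();

            // Delete the old tokens and issue the new one in a single transaction,
            // so a failure while issuing does not leave the user without any token.
            $token = DB::transaction(function () use ($user) {
                $user->accessTokens()->delete();
                return $user->createToken('api')->accessToken;
            });

            return response()->json(['access_token' => $token]);
        }
    }
}
```

Because every earlier row for the user is deleted, this signs the user out on all other devices or clients as well, which is the single-active-token behaviour the question asks for.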