I added token expiration to application that has login system, by changed null to 1 minute expiration in sanctum.php file:
/*
|--------------------------------------------------------------------------
| Expiration Minutes
|--------------------------------------------------------------------------
|
| This value controls the number of minutes until an issued token will be
| considered expired. If this value is null, personal access tokens do
| not expire. This won't tweak the lifetime of first-party sessions.`enter code here`
|
*/
'expiration' => 1,
It doesn't work, the app still accept authorized requests all the time. Nothing has changed.
Code:
$tokenResult = $user -> createToken('authToken') -> plainTextToken;
return response() -> json([
'status_code' => 200,
'access_token' => $tokenResult,
'token_type' => 'Bearer',
]);
Route::group(['middleware' => 'auth:sanctum'], function () {
[Routes]
});
Auth::user()->tokens()->delete();
return response()->json([
'status_code' => 200,
]);
You might need to clear your config cache. Try to run php artisan config:clear in your terminal