DEV Community

Discussion on: PKCE authentication for Nuxt SPA with Laravel as backend

franfoukal

Hi! Very helpful tutorial!
The only inconvenience I have is that the session starts at login, and when I try to revoke the token (the route is under the auth:api middleware) the session is not over, and when I try to log in again it skips the login form and jumps to the authorization prompt or straight to the callback page. I tried to create a route in the web middleware which kills the session, but it always keeps the 'laravel_session' and 'XSRF-TOKEN' cookies and I can't delete them.
Did this happen to you? Thanks in advance.

StefanT123

How do you revoke the token?

franfoukal

Yes, not only using

    Auth::user()->token()->revoke();

but also as the docs indicate:
Laravel - revoking tokens

This is not working for me because it uses the laravel_session cookie data to persist the login and return a new access_token without asking for credentials again, redirecting to the callback page directly.
Laravel destroys the session after a while or when the browser is closed, but it's a problem when I want to log in as a different user, because I have to wait or close everything.

Maybe the problem is the session-based login, but there is not much info about it.

I would like to know if it has happened to you and if anyone could solve it.
Sorry about my English, it is not my mother tongue. And thanks again!

StefanT123

Maybe you should try to revoke the token and clear the user's session; maybe that will do it. But I don't know if this is the right way to log out a user...

franfoukal

After several trials, I came up with a solution (not an elegant one, I guess) that works.
It's a mix of logging out from the API guard (api.php routes with the auth:api middleware), revoking the token:

    use Illuminate\Support\Facades\Auth;
    use Laravel\Passport\RefreshTokenRepository;
    use Laravel\Passport\TokenRepository;

    public function logoutAPI(){
        // the access token that authenticated this request (auth:api guard)
        $tokenId = Auth::user()->token()->id;

        // revoke the access token and every refresh token issued with it,
        // otherwise the SPA can silently obtain a fresh access token
        $tokenRepository = app(TokenRepository::class);
        $refreshTokenRepository = app(RefreshTokenRepository::class);
        $tokenRepository->revokeAccessToken($tokenId);
        $refreshTokenRepository->revokeRefreshTokensByAccessTokenId($tokenId);

        return response()->json([
            'msg' => 'You have been successfully logged out'
        ], 200);
    }

And in the web guard (web.php routes), kill the session:

    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Str;

    public function logoutSession(Request $request){
        Auth::guard('web')->logout();
        // invalidate() flushes the session data and issues a new session id,
        // regenerateToken() rotates the CSRF token behind XSRF-TOKEN
        $request->session()->invalidate();
        $request->session()->regenerateToken();
        // the frontend sends a logout_uri query string to redirect to; only follow it
        // when it points at the SPA (app.frontend_url is an assumed config key),
        // otherwise this route would be an open redirect
        $logoutUri = $request->query('logout_uri', '/');
        if (!Str::startsWith($logoutUri, config('app.frontend_url'))) {
            $logoutUri = '/';
        }
        return response()->redirectTo($logoutUri);
    }

In the frontend I send an axios post request to the logoutAPI route and then call the logoutSession route. Here is the code using the @nuxtjs/auth-next module.

        async logout(){
            try {
                // 1. revoke the Passport access/refresh tokens (api.php, auth:api)
                await this.$axios.get('/api/logout');
                // 2. drop the tokens the nuxt app keeps locally
                this.$auth.reset();
                this.$axios.setHeader('Authorization', null);
                // 3. call the logoutSession route (web.php), which kills the session
                //    and redirects back to logout_uri
                await this.$auth.logout();
            } catch (error) {
                console.log(error.response);
            }
        }

This way, every time I log out from the app and log in again, the credentials are required and don't persist.

Thanks for your replies, I hope this helps someone!
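The following is an added example, not code from the thread or from the tutorial it discusses. It puts both halves of the logout described above into one Laravel controller: the API-guard half revokes the Passport access token and its refresh tokens, the web-guard half invalidates the session that lets /oauth/authorize skip the login form. The controller name, the route registrations in the header comment, the ALLOWED_SPA_ORIGINS list and the origin check are assumptions; the Passport repository calls are the ones the thread already uses.

```php
<?php
// Assumed (hypothetical) route registrations for this controller:
//   routes/api.php : Route::middleware('auth:api')->post('/logout', [LogoutController::class, 'logoutApi']);
//   routes/web.php : Route::get('/logout', [LogoutController::class, 'logoutSession']);

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Passport\RefreshTokenRepository;
use Laravel\Passport\TokenRepository;

class LogoutController extends Controller
{
    /** Origins the backend may send the browser to after logout (constructed value). */
    private const ALLOWED_SPA_ORIGINS = ['https://spa.example.test'];

    /**
     * Step 1, API guard: revoke the bearer token that authenticated this request
     * and every refresh token issued with it. Without the refresh-token revocation
     * the SPA could silently obtain a new access token after "logging out".
     */
    public function logoutApi(Request $request, TokenRepository $tokens, RefreshTokenRepository $refreshTokens)
    {
        $tokenId = $request->user()->token()->id;
        $tokens->revokeAccessToken($tokenId);
        $refreshTokens->revokeRefreshTokensByAccessTokenId($tokenId);

        return response()->json(['msg' => 'Tokens revoked'], 200);
    }

    /**
     * Step 2, web guard: end the session that Passport's authorization endpoint
     * used to skip the login form, then send the browser back to the SPA.
     */
    public function logoutSession(Request $request)
    {
        Auth::guard('web')->logout();
        $request->session()->invalidate();      // flush data and issue a new session id
        $request->session()->regenerateToken(); // rotate the CSRF token behind XSRF-TOKEN

        return redirect()->to($this->safeLogoutTarget($request->query('logout_uri', '/')));
    }

    /** Follow logout_uri only when its origin is allowlisted; otherwise fall back to '/'. */
    private function safeLogoutTarget(string $uri): string
    {
        $parts = parse_url($uri);
        if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
            return '/';
        }
        $origin = $parts['scheme'] . '://' . $parts['host']
            . (isset($parts['port']) ? ':' . $parts['port'] : '');

        return in_array($origin, self::ALLOWED_SPA_ORIGINS, true) ? $uri : '/';
    }
}
```

The SPA has to call step 1 while it still holds the bearer token, and only then navigate to the web-guard /logout route; doing it the other way round leaves valid refresh tokens behind. The origin allowlist is what keeps the logout_uri parameter from turning the logout route into an open redirect.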