Laravel Passport Authorize Keep Signed-in with previous Account

I'm trying to use the Laravel Passport library to create an OAuth2 server for my own single-sign-on services, but I have a problem. The first time I tried Laravel Passport it worked normally: I created a client on the server, set it up on the client, hit the OAuth2 server API, and boom, it works.

Then I tried to log out and log in again using the built-in Passport endpoint oauth/authorize?, but now it is automatically signed in and I can't even change to another user.

After trying solutions, when I manually delete the cookies on the OAuth2 server it works. But when I try to delete all cookies when the logout function is triggered, it affects nothing. Help me :)

Login code - OAUTH2 Server Login Function:

    $credentials = $request->only('email', 'password');

    if (auth()->guard()->attempt($credentials, false)) {
        return redirect()->intended();
    }

    return redirect()->route('login')
        ->withInput($credentials)
        ->withErrors([
            'email' => 'Invalid credentials. Please check your email and password.',
        ])
        ->with('error', 'Invalid credentials. Please check your email and password.');

This is on my client:

    // Controller methods; the file needs these imports:
    // use Illuminate\Http\Request;
    // use Illuminate\Support\Facades\Http;
    // use Illuminate\Support\Str;
    // use InvalidArgumentException;

    public function redirect(Request $request)
    {
        // Random state value, stored in the session and checked again in callback()
        $state = Str::random(25) . strval(time());
        $request->session()->put('state', $state);

        $query = http_build_query([
            'client_id'     => $this->CLIENT_ID,
            'redirect_uri'  => $this->CLIENT_CALLBACK,
            'response_type' => 'code',
            'scope'         => '',
            'state'         => $state,
        ]);

        return redirect($this->SERVER_URI . '/oauth/authorize?' . $query);
    }

    public function callback(Request $request)
    {
        // pull() removes the stored state so it cannot be reused
        $state = $request->session()->pull('state');
        throw_unless(
            is_string($state) && strlen($state) > 0 && $state === $request->state,
            InvalidArgumentException::class,
            'Invalid state value.'
        );

        // Exchange the authorization code for an access token
        $response = Http::asForm()->post($this->SERVER_URI . '/oauth/token', [
            'grant_type'    => 'authorization_code',
            'client_id'     => $this->CLIENT_ID,
            'client_secret' => $this->CLIENT_SECRET,
            'redirect_uri'  => $this->CLIENT_CALLBACK,
            'code'          => $request->input('code'),
        ]);

        $token   = $response->json()['access_token'];
        $account = Http::withHeaders([
            'Authorization' => 'Bearer ' . $token
        ])->get($this->SERVER_URI . '/auth/me')->json();

        $account['access_token'] = $token;

        // Account Exist
        UserSession::set($account);

        return redirect()->to('/');
    }

Whenever I access the redirect it is always automatically signed in. Why? Any solution?

0 likes
0 replies
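
Added example (not the poster's code): the sign-in that `/oauth/authorize` reuses is the OAuth2 server's own session, whose cookie the client application cannot delete, so logout has to end that session on the server. The route `/sso/logout`, the config key `sso.post_logout_urls`, the `return_to` parameter, the `SsoClientController` class name and the server URL are hypothetical, and the client is assumed to keep its `UserSession` data in the Laravel session.

```php
<?php
// Added example, not the poster's code. Names marked "hypothetical" are assumptions.
use Illuminate\Http\Request;
use Illuminate\Routing\Controller;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

// ---- OAuth2 server (Passport app), routes/web.php ----
// /oauth/authorize relies on the server's "web" session guard. That session
// cookie is scoped to the server's domain, so the client app cannot delete it;
// the server has to end the session itself.
// GET, because the browser arrives by top-level redirect from the client.
Route::get('/sso/logout', function (Request $request) {      // hypothetical route
    Auth::guard('web')->logout();             // forget the authenticated user
    $request->session()->invalidate();        // flush session data, issue a new session id
    $request->session()->regenerateToken();   // rotate the CSRF token

    // Return only to pre-registered client URLs, never to an unchecked parameter.
    $allowed = config('sso.post_logout_urls', []);            // hypothetical config key
    $target  = (string) $request->query('return_to');         // hypothetical parameter

    return in_array($target, $allowed, true)
        ? redirect()->away($target)
        : redirect()->route('login');
});

// ---- Client app, the controller that holds redirect() and callback() ----
class SsoClientController extends Controller                  // hypothetical class name
{
    private string $SERVER_URI = 'https://sso.example.test';  // placeholder value

    public function logout(Request $request)
    {
        // End the client's own session (assumes UserSession data lives in it).
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        // Then send the browser to the server so it can end the SSO session too.
        return redirect()->away($this->SERVER_URI . '/sso/logout?' . http_build_query([
            'return_to' => url('/'),
        ]));
    }
}
```

This flow ends the two browser sessions only; an access token issued earlier stays valid until it expires or is revoked.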