devondahon

Laravel Passport: How to revoke and delete refresh token?

I'm using this to delete a user access token:

    $request->user()->token()->delete();

But the associated refresh token is still in the database. Can I revoke and/or delete it in a similar way?

And a subsidiary question: How can I see the available methods in $request->user() and in $request->user()->token() with VS Code?

I'm currently using:

    Log::info(get_class($request->user()));
    Log::info(get_class_methods('App\Models\User'));
    Log::info(get_class($request->user()->token()));
    Log::info(get_class_methods('Laravel\Passport\Token'));

But there may be a better way to show it.

mwguerra
Best Answer

The HasApiTokens trait you have in your User model has those methods.

The best way I found to revoke both the access token and the refresh token was to call the methods revokeAccessToken and revokeRefreshTokensByAccessTokenId from the Passport repositories. You can find the original code in the Passport documentation.

Here is an example LogoutController I did some time ago. Hope it helps!

    public function __invoke(Request $request)
    {
        // Revoke every access token the user holds, plus the refresh tokens tied to each one
        $request->user()
            ->tokens
            ->each(function ($token, $key) {
                $this->revokeAccessAndRefreshTokens($token->id);
            });

        return response()->json('Logged out successfully', 200);
    }

    protected function revokeAccessAndRefreshTokens($tokenId)
    {
        // Resolve the Passport repositories from the service container
        $tokenRepository = app('Laravel\Passport\TokenRepository');
        $refreshTokenRepository = app('Laravel\Passport\RefreshTokenRepository');

        $tokenRepository->revokeAccessToken($tokenId);
        $refreshTokenRepository->revokeRefreshTokensByAccessTokenId($tokenId);
    }

Regarding VS Code, have a look at the PHP Intelephense and the Laravel IDE Helper extensions.

devondahon

@mwguerra Thanks for your answer!

I'm finally using this in my logout route:

    // Revoke access token
    // => Set public.oauth_access_tokens.revoked to TRUE (t)
    $request->user()->token()->revoke();

    // Revoke all of the token's refresh tokens
    // => Set public.oauth_refresh_tokens.revoked to TRUE (t)
    $refreshTokenRepository = app('Laravel\Passport\RefreshTokenRepository');
    $refreshTokenRepository->revokeRefreshTokensByAccessTokenId($request->user()->token()->id);
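
An audit for the situation described in this thread, as an added example that is not part of any post above: it lists refresh tokens that are still unrevoked and unexpired although their access token was deleted or revoked. The in-memory SQLite tables are a simplified, constructed copy of Passport's oauth_access_tokens and oauth_refresh_tokens, and the function name danglingRefreshTokens is hypothetical.

```php
<?php
// Added example: simplified, constructed copy of Passport's two token tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE oauth_access_tokens (id TEXT PRIMARY KEY, user_id INTEGER, revoked INTEGER, expires_at TEXT)');
$db->exec('CREATE TABLE oauth_refresh_tokens (id TEXT PRIMARY KEY, access_token_id TEXT, revoked INTEGER, expires_at TEXT)');

// Constructed sample rows: three sessions for one user, none expired.
$future = '2999-01-01 00:00:00';
$insA = $db->prepare('INSERT INTO oauth_access_tokens VALUES (?, ?, 0, ?)');
$insR = $db->prepare('INSERT INTO oauth_refresh_tokens VALUES (?, ?, 0, ?)');
foreach (['a1' => 'r1', 'a2' => 'r2', 'a3' => 'r3'] as $access => $refresh) {
    $insA->execute([$access, 7, $future]);
    $insR->execute([$refresh, $access, $future]);
}

// Session 1: the question's approach, access token row deleted, refresh token untouched.
$db->exec("DELETE FROM oauth_access_tokens WHERE id = 'a1'");
// Session 2: access token revoked, refresh token forgotten.
$db->exec("UPDATE oauth_access_tokens SET revoked = 1 WHERE id = 'a2'");
// Session 3: both revoked, which is the effect of the logout code in the replies.
$db->exec("UPDATE oauth_access_tokens SET revoked = 1 WHERE id = 'a3'");
$db->exec("UPDATE oauth_refresh_tokens SET revoked = 1 WHERE access_token_id = 'a3'");

// Hypothetical helper: refresh tokens left usable after their access token is gone.
function danglingRefreshTokens(PDO $db, string $now): array
{
    $sql = 'SELECT r.id, r.access_token_id,
                   CASE WHEN a.id IS NULL THEN \'access token deleted\'
                        ELSE \'access token revoked\' END AS reason
            FROM oauth_refresh_tokens r
            LEFT JOIN oauth_access_tokens a ON a.id = r.access_token_id
            WHERE r.revoked = 0 AND r.expires_at > :now
              AND (a.id IS NULL OR a.revoked = 1)
            ORDER BY r.id';
    $stmt = $db->prepare($sql);
    $stmt->execute(['now' => $now]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Sessions 1 and 2 are reported; session 3 is not.
foreach (danglingRefreshTokens($db, date('Y-m-d H:i:s')) as $row) {
    printf("%s -> %s (%s)\n", $row['id'], $row['access_token_id'], $row['reason']);
}
```

The SELECT can be run against a real Passport database to check that a logout route leaves no such rows, assuming the default table and column names.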
