Level 88
Do you use a custom auth guard? You say you use passport. How is the user logged in right now?
Can you provide any other information. Where do you call Auth::logout? What about middlewares?
May 11, 2018
9
Level 3
Passport and Auth::logout() produce an error
I am using Laravel 5.6 with Passport to consume my own API. What I don't understand is why when I try to logout a user using:
Auth::logout()
I now get the following error:
Illuminate\Auth\RequestGuard::logout does not exist.
Functions like
return Auth::user();
all work fine so I'm stuck as to why this one method won't work. Any thoughts?
Level 3
I don't use any custom guards. My Auth.php is as per the Passport Setup:
<?php
return [
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
This is my LoginController.php:
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
class LoginController extends Controller
{
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/dashboard';
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
}
This is my App\Http\Kernel.php:
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\Bepsvpt\SecureHeaders\SecureHeadersMiddleware::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
'api' => [
'throttle:60,1',
'bindings',
\Barryvdh\Cors\HandleCors::class,
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
}
This is my UserController.php where the logout code resides:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Auth;
use Illuminate\Support\Facades\Cookie;
class UserController extends Controller
{
public function __construct()
{
$this->middleware('auth');
}
public function index()
{
return view('index');
}
public function getUserFirstName()
{
return Auth::user()->first_name;
}
public function getUserFullName()
{
return Auth::user()->full_name;
}
public function logout()
{
Auth::logout();
}
}
When the code hits Auth::logout(); it fails with:
ERROR: Method Illuminate\Auth\RequestGuard::logout does not exist.
I appreciate any pointers this may give you.
Level 88
So it seems that Auth:: is returning the RequestGuard class. If you look in the code, this class indeed doesn't have a logout method.
Also when using password, you work with tokens right? You can't really logout, you can only invalidate the token or let the token expire right? So it's not that weird that there is no logout method ;)
Level 3
I have tried expiring the token with:
public function logout()
{
$cookie = Cookie::forget('laravel_token');
return response('You are now logged out.')->withCookie($cookie);
}
which deletes the token but if you refresh the page the token is reset due to \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class, plus Auth::user() continues to return a valid user so they are never logged out. Maybe I'm missing something but surely you should be able to force a user to login in again once they've logged out, otherwise they and anybody else with access to their device are permanently logged in !
Level 3
Well I guess I over complicated things. By using the built-in Auth route logout:
axios.post("/logout");
the user is logged out as expected. Thanks for your input, it put me on the right track to resolve this.
Level 8
You should specify the web guard:
auth('web')->logout();
10 likes
Level 1
I was getting the same error using jetsream (Laravel 8). That solved my problem. Thanks!
Level 6
@gonzalg wow thank you very much.. where is this in the documentation? Spent so long looking, and this is 3 yrs old too! Cheers.
Level 1
Hello I think you can use Auth facade with proper token revoke like this Auth::user()->token()->revoke() your passport access token will be revoke
1 like
Please or to participate in this conversation.