@devondahon Why do you have a user session at all when Passport is for token-based authentication?
Jul 8, 2020
Remove Laravel user session after Laravel Passport sends token to a frontend SPA app
Where should I call my deleteUserSession() method below after Laravel Passport sends back a token to my SPA frontend?
    // Delete every row in the sessions table that belongs to the authenticated user.
    public function deleteUserSession(Request $request)
    {
        return DB::table('sessions')
            ->whereUserId($request->user()->id)
            ->delete();
    }
Currently, I'm calling this deleteUserSession() method together with a revokeUserToken() method when the frontend LOGOUT button is pressed, but I would like to limit the logout to revokeUserToken() method and call deleteUserSession() method earlier, at login.
    // Delete every row in the sessions table that belongs to the authenticated user.
    public function deleteUserSession(Request $request)
    {
        return DB::table('public.sessions')
            ->whereUserId($request->user()->id)
            ->delete();
    }

    // Revoke the access token used for this request and its refresh tokens.
    public function revokeUserToken(Request $request)
    {
        // Revoke token
        $request->user()->token()->revoke();
        // Revoke refresh token
        $refreshTokenRepository = app('Laravel\Passport\RefreshTokenRepository');
        $refreshTokenRepository->revokeRefreshTokensByAccessTokenId(
            $request->user()->token()->id
        );
        return;
    }
Finally, I'm removing the user session in the first call made by the frontend (using token), which is the getUserInformation method:
    return DB::table('public.sessions')
        ->whereUserId($request->user()->id)
        ->delete();
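An added example, not part of any post in this thread: one way to run the same delete at login is a listener on Passport's `AccessTokenCreated` event, so the session rows go away as soon as the token is issued rather than on the first API call. The class name, its namespace, the `user_id` column and the use of the database session driver are assumptions.

```php
<?php

namespace App\Listeners;

use Illuminate\Support\Facades\DB;
use Laravel\Passport\Events\AccessTokenCreated;

// Hypothetical listener class (name and namespace are assumptions).
// Register it for AccessTokenCreated, e.g. in EventServiceProvider::$listen:
//     AccessTokenCreated::class => [DeleteSessionsOnTokenIssue::class],
class DeleteSessionsOnTokenIssue
{
    public function handle(AccessTokenCreated $event): void
    {
        // Client-credentials tokens have no user, so there is no session to drop.
        if ($event->userId === null) {
            return;
        }

        // Same delete as in the posts above, keyed on the token's owner instead
        // of $request->user(). Assumes the database session driver and a
        // user_id column on the sessions table.
        DB::table('sessions')
            ->where('user_id', $event->userId)
            ->delete();
    }
}
```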