panthro's avatar

Sanctum API Logout?

I'm trying to use Auth::logout(); to log out of my API.

I also have this middleware so you can only logout if logged in: $this->middleware('auth:sanctum');

I get the error: Method Illuminate\\Auth\\RequestGuard::logout does not exist.

How can I log the user out?

0 likes
9 replies
panthro's avatar

@jlrdw thanks, but the user doesn't have tokens, it's an SPA. Any ideas how to log out?

panthro's avatar

@jlrdw I've followed that, nothing about log out, and the linked auth pages, the methods don't work either.

jlrdw's avatar

@panthro direct from the documentation:

You are free to write your own /login endpoint; however, you should ensure that it authenticates the user using the standard, session based authentication services that Laravel provides. Typically, this means using the web authentication guard.

and

Once CSRF protection has been initialized, you should make a POST request to your Laravel application's /login route. This /login route may be implemented manually or using a headless authentication package like Laravel Fortify.

So if set up with the web authentication guard, and you are using Fortify (or whichever you use), according to the documentation you should be able to implement standard authentication including a logout. The standard, session based authentication services link leads here:

https://laravel.com/docs/8.x/authentication#authenticating-users

You have to set up your logout.

Edit:

In one app I have using Fortify, logout is:

    <div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdown">
        <a class="dropdown-item" href="{{ route('logout') }}"
           onclick="event.preventDefault();
                    document.getElementById('logout-form').submit();">
            {{ __('Logout') }}
        </a>

        <form id="logout-form" action="{{ route('logout') }}" method="POST" class="d-none">
            @csrf
        </form>
    </div>

Also see this issue: https://github.com/laravel/sanctum/issues/87

1 like
Talinon's avatar

@panthro

Add use Laravel\Sanctum\HasApiTokens to your User.php model and then:

// delete all tokens, essentially logging the user out
$user->tokens()->delete();

// delete the current token that was used for the request
$request->user()->currentAccessToken()->delete();

If you are using Fortify, you can just make a post request to the /logout endpoint.

The Fortify code does this:

    /**
     * Destroy an authenticated session.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Laravel\Fortify\Contracts\LogoutResponse
     */
    public function destroy(Request $request): LogoutResponse
    {
        $this->guard->logout();

        $request->session()->invalidate();

        $request->session()->regenerateToken();

        return app(LogoutResponse::class);
    }

So, another way would be to call logout() on the web guard:

Auth::guard('web')->logout();

Hopefully one of the above approaches will solve your issue.

6 likes
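Added example, not part of any post above and not Fortify's or Sanctum's own code: a single logout endpoint behind auth:sanctum that handles both cases raised in the thread, the cookie-authenticated SPA and the bearer-token client. The controller name and route are hypothetical, and it assumes the User model uses the HasApiTokens trait so that currentAccessToken() is available.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;
use Laravel\Sanctum\PersonalAccessToken;

// Hypothetical controller. Assumed route:
// Route::post('/logout', [LogoutController::class, 'destroy'])->middleware('auth:sanctum');
class LogoutController extends Controller
{
    public function destroy(Request $request): Response
    {
        // Under auth:sanctum the active guard is a RequestGuard, which has no
        // logout() method, so Auth::logout() fails as in the original question.
        $token = $request->user()->currentAccessToken();

        if ($token instanceof PersonalAccessToken) {
            // Bearer-token client: revoke only the token used for this request.
            $token->delete();

            return response()->noContent();
        }

        // Cookie-authenticated SPA: Sanctum attaches a TransientToken, which is
        // not stored and cannot be deleted. End the session on the web guard.
        Auth::guard('web')->logout();

        if ($request->hasSession()) {
            // Discard session data and issue a new session ID so the old
            // cookie value can no longer be replayed.
            $request->session()->invalidate();

            // Rotate the CSRF token tied to the old session.
            $request->session()->regenerateToken();
        }

        return response()->noContent();
    }
}
```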
