1 year ago

Using Passport, Personal Access Token Expiration behaviour?

Posted 1 year ago by kingshark

I'm dealing with Laravel Passport, and confused by something:

  1. Does personal access token expire? I checked newly generated personal access token in table oauth_access_tokens, found expires_at is set to 1 year later. However after I change it to yesterday, I can still get authenticated successfully, so does it really has a expiry date?

  2. Seems like we can create multiple personal access client, but when I issue the personal access token like this:

$user = \App\Model\User::find(1);

$token = $user->createToken('test token')->accessToken;

The new access token automatically bind to the latest personal access client. (can check it in table oauth_access_tokens, client_id column). So how can I specify the personal access client I use? If I can't, how does it make sense to allow multiple personal access client ?

Please sign in or create an account to participate in this conversation.