Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I want to make an API where each registered user can log in from an app iOS, Android and SPA Web, I read the documentation of Laravel Passport, but it is not clear to me what kind of token to use; I'm confused, if the user starts the session on the web, the token of his mobile device is lost?
At a session initiation, the token should not be invalidated. The same user can obtain tokens from different clients in the same API, without any problem.
When the client is trusted and the credentials can be entrusted, for simplicity, the password grant can be used. However, due to scalability and growth or changes that the client may have, it is preferable to do so through authorization code.
Mmm, easy way... add the api_token field to the users table and not to complicate things using Passport ;)
Please or to participate in this conversation.