Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Currently digging deeper in API and i play around with simple auth process . My question is do i need to make function logout for each role ( in future ) for example , i have 3 role . so do i need to implement the same function logout into each role ? Based on my understanding, API are playing with token right ? so it doesnt same like web which is we can call " auth()->user()->id " .
Route::post('/login','API\V1\Auth\LoginController@login')->name('login');
Route::post('/register','API\V1\Auth\RegisterController@register')->name('register');
Route::prefix('user')->middleware('auth:api')->group(function(){
Route::get('/logout','API\V1\Auth\LoginController@logout')->name('logout');
Route::get('user-profile/{id}','API\V1\User\SettingController@showUserProfile')->name('view-user-profile');
Route::post('update-user-profile/{id}','API\V1\User\SettingController@updateUserProfile')->name('update-user-profile');
});
You don't have to use logout. The passport uses stateless. So, there is no session for that.
In that case, it expects access token in every request. It won't entertain the request if there is no valid access token.
You can take a deep look into it- https://laravel.com/docs/5.8/passport#token-lifetimes
Please or to participate in this conversation.