Laravel Sanctum: Best Practices for Logout in Mobile Apps

@martinbean That is what I am doing, revoking the tokens but sometimes due to some internet issues or some anomalies tokens get lost on mobile devices, and as the logout route is protected by auth:sanctum middleware an authenticated user cannot call that API they get the unauthenticated exception. So, should I handle anomalies and this behavior in the mobile app or just remove auth:sanctum middleware from logout route. I am asking what best practices says here

@mjk22071998 Follow this. https://laravel.com/docs/9.x/sanctum#revoking-mobile-api-tokens

Also see the last episode here: https://laracasts.com/series/laravel-authentication-options

https://laracasts.com/series/laravel-authentication-options/episodes/17

@jlrdw I am sorry but I know how to revoke. again, right now I am handling the anomalous behavior where the auth token gets lost at the mobile application then the logout API returns an unauthenticated exception because the logout route is protected by auth:sanctum middleware. So, Now I am asking, What are best practices here whether to handle anomalies at mobile app or just remove the auth:sanctum middleware?

@mjk22071998 If the token is “lost” then the user is no longer authenticated, so send them back to through the authentication flow to get a fresh token.

@mjk22071998 I don't even know what that means:

where the auth token gets lost

It's deleted, you issue a new token when their credentials are validated again.

Reference:

https://laravel.com/docs/9.x/sanctum#issuing-mobile-api-tokens