What I did:
I added token expiration to application that has login system, by changed null
to 1
minute expiration
in sanctum.php file:
/* |-------------------------------------------------------------------------- | Expiration Minutes |-------------------------------------------------------------------------- | | This value controls the number of minutes until an issued token will be | considered expired. If this value is null, personal access tokens do | not expire. This won't tweak the lifetime of first-party sessions.`enter code here` | */ 'expiration' => 1,
Problem:
It doesn’t work, the app still accept authorized requests all the time. Nothing has changed.
Code:
- Create token (login):
$tokenResult = $user -> createToken('authToken') -> plainTextToken; return response() -> json([ 'status_code' => 200, 'access_token' => $tokenResult, 'token_type' => 'Bearer', ]);
- Verify token:
Route::group(['middleware' => 'auth:sanctum'], function () { [Routes] });
- Delete token (log out):
Auth::user()->tokens()->delete(); return response()->json([ 'status_code' => 200, ]);
Advertisement
Answer
You might need to clear your config cache. Try to run php artisan config:clear
in your terminal