What I did:
I added token expiration to application that has login system, by changed null to 1 minute expiration in sanctum.php file:
/* |-------------------------------------------------------------------------- | Expiration Minutes |-------------------------------------------------------------------------- | | This value controls the number of minutes until an issued token will be | considered expired. If this value is null, personal access tokens do | not expire. This won't tweak the lifetime of first-party sessions.`enter code here` | */ 'expiration' => 1,
Problem:
It doesn’t work, the app still accept authorized requests all the time. Nothing has changed.
Code:
- Create token (login):
$tokenResult = $user -> createToken('authToken') -> plainTextToken;
return response() -> json([
'status_code' => 200,
'access_token' => $tokenResult,
'token_type' => 'Bearer',
]);
- Verify token:
Route::group(['middleware' => 'auth:sanctum'], function () {
[Routes]
});
- Delete token (log out):
Auth::user()->tokens()->delete();
return response()->json([
'status_code' => 200,
]);
Advertisement
Answer
You might need to clear your config cache. Try to run php artisan config:clear in your terminal