I've added this two event listeners to my : EventServiceProvider
/**
* The event listener mappings for the application.
*
* @var array
*/
protected $listen = [
'Laravel\Passport\Events\AccessTokenCreated' => [
'App\Listeners\RevokeOldTokens',
],
'Laravel\Passport\Events\RefreshTokenCreated' => [
'App\Listeners\PruneOldTokens',
],
];
And in my AuthServiceProvider I have :
public function boot()
{
$this->registerPolicies();
Passport::routes();
passport::$revokeOtherTokens;
passport::$pruneRevokedTokens;
Passport::tokensExpireIn(Carbon::now()->addDays(1));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(2));
}
I want passport to revoke all other user access tokens and then prune them if they are revoked. but nothing is happening and every time I request an access token from postman I get a new access Token while there are several access tokens in the database.
I've Solved My problem This way :
Step1 - In EventServiceProvider should change the path to the Access Token created and also refresh token created :
protected $listen = [
'Laravel\Passport\Events\AccessTokenCreated' => [
'App\Listeners\RevokeOldTokens',
],
'Laravel\Passport\Events\RefreshTokenCreated' => [
'App\Listeners\PruneOldTokens',
],
];
Step2- generate this two listeners events :
php artisan event:generate
Step3- Modify AccessTokenCreated & RefreshTokenCreated event handle methods :
RevokeOldTokens Class :
namespace App\Listeners;
use Laravel\Passport\Events\AccessTokenCreated;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Contracts\Queue\ShouldQueue;
use DB;
class RevokeOldTokens
{
/**
* Create the event listener.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Handle the event.
*
* @param AccessTokenCreated $event
* @return void
*/
public function handle(AccessTokenCreated $event)
{
DB::table('oauth_access_tokens')
->where('id', '<>', $event->tokenId)
->where('user_id', $event->userId)
->where('client_id', $event->clientId)
->update(['revoked' => true]);
}
}
PruneOldTokens Class :
namespace App\Listeners;
use Laravel\Passport\Events\RefreshTokenCreated;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Contracts\Queue\ShouldQueue;
use DB;
class PruneOldTokens
{
/**
* Create the event listener.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Handle the event.
*
* @param RefreshTokenCreated $event
* @return void
*/
public function handle(RefreshTokenCreated $event)
{
DB::table('oauth_refresh_tokens')
->where('id', '<>', $event->refreshTokenId)
->where('access_token_id', '<>', $event->accessTokenId)
->update(['revoked' => true]);
}
}
After This steps if I send any request to my project it will check for tokens and if there is another token it will revoke it and make it unathorized.
May be because you missed something important to let the passport works find,
1- Register Passport service provider in the providers array of your config/app.php
Laravel\Passport\PassportServiceProvider::class,
1- you have to add the Laravel\Passport\HasApiTokens trait to your App\User model
2- in your config/auth.php configuration file, you should set the driver option of the api authentication guard to passport
check this
http://www.snippetcase.com/snippet/61/API+Authentication+(Passport)+Laravel+5.3
