Discussion on: PKCE authentication for Nuxt SPA with Laravel as backend

franfoukal

After several trials, I came up with a solution (not an elegant one I guess) that works.
It's a mix of logging out from the API guard (api.php routes with auth:api middleware), revoking the token:

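    public function logoutAPI(){
        // ID of the access token that authenticated this request
        $tokenId = Auth::user()->token()->id;

        $tokenRepository = app('Laravel\Passport\TokenRepository');
        $refreshTokenRepository = app('Laravel\Passport\RefreshTokenRepository');

        // Revoke the access token and the refresh tokens issued with it
        $tokenRepository->revokeAccessToken($tokenId);
        $refreshTokenRepository->revokeRefreshTokensByAccessTokenId($tokenId);

        return response()->json([
            'msg' => 'You have been successfully logged out'
        ]);
    }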

And in the web guard (web.php routes), kill the session:

    public function logoutSession(Request $request){
        Auth::guard('web')->logout();
        $request->session()->invalidate();
        //the frontend sends a logout_uri query string to redirect
        return response()->redirectTo($request->query('logout_uri'));
    }

In the frontend I send an axios post request to the logoutAPI route and then call the logoutSession route. Here is the code using the @nuxtjs/auth-next module.

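    // logoutApiUrl: placeholder for the logoutAPI route URL (not shown in the post)
    this.$axios.post(logoutApiUrl)
        .then(response => {
            this.$auth.reset(); //deletes tokens in nuxt app
            this.$auth.logout(); //redirects to logoutSession
            this.$axios.setHeader('Authorization', null);
        })
        .catch(error => console.log(error.response));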

This way, every time I log out of the app and log in again, the credentials are required and don't persist.

Thanks for your replies, I hope this helps someone!
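
Added example, not part of the original comment: the logoutSession route above redirects to whatever `logout_uri` the query string carries, so this sketch shows one way to check that value against an allow-list of frontend origins before redirecting. The function name, the allowed origins and the fallback URL are assumptions (constructed values), not code from the post.

```php
<?php
// Added example; safeLogoutRedirect() and every URL below are hypothetical.

/**
 * Return $candidate only when it is an absolute http(s) URL whose origin
 * (scheme + host + optional port) is on the allow-list; else $fallback.
 */
function safeLogoutRedirect($candidate, array $allowedOrigins, string $fallback): string
{
    // ?logout_uri[]=x arrives as an array; a missing parameter arrives as null
    if (!is_string($candidate) || $candidate === '') {
        return $fallback;
    }
    // Control characters, spaces and backslashes are parsed differently by
    // browsers and by parse_url(), so refuse them outright
    if (preg_match('/[\x00-\x20\\\\]/', $candidate)) {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback; // relative, scheme-less ("//host") or malformed
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback; // userinfo form: https://allowed-host@other-host/
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return $fallback;
    }
    $origin = $scheme . '://' . strtolower($parts['host']);
    if (isset($parts['port'])) {
        $origin .= ':' . $parts['port'];
    }
    // Exact origin match: no prefix, suffix or substring comparison
    return in_array($origin, $allowedOrigins, true) ? $candidate : $fallback;
}

// Constructed sample values, for illustration only
$allowed  = ['http://localhost:3000', 'https://spa.example.test'];
$fallback = 'https://spa.example.test/login';
$samples  = ['http://localhost:3000/login', 'https://spa.example.test.other.test/',
             '//other.test/x', 'https://spa.example.test@other.test/', ['array']];
foreach ($samples as $uri) {
    echo json_encode($uri), ' => ', safeLogoutRedirect($uri, $allowed, $fallback), PHP_EOL;
}
```

In the controller, the result of this function would be passed to `response()->redirectTo()` in place of the raw `$request->query('logout_uri')`.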