Maybe you should try to revoke the token and clear the users session, maybe that will do it. But I don't know if this is the right way to logout some user...
After several trials, I came up with a solution (not an elegant one I guess) that works.
It's a mix from logout from the API guard (api.php routes with auth:api middleware), revoking the token:
publicfunctionlogoutAPI(){Auth::user()->token()->revoke();$tokenId=Auth::user()->token()->id;$tokenRepository=app('Laravel\Passport\TokenRepository');$refreshTokenRepository=app('Laravel\Passport\RefreshTokenRepository');$tokenRepository->revokeAccessToken($tokenId);$refreshTokenRepository->revokeRefreshTokensByAccessTokenId($tokenId);returnresponse()->json(['msg'=>'You have been succesfully logged out'],200);}
And in the web guard (web.php routes), kill the session:
publicfunctionlogoutSession(Request$request){Auth::guard('web')->logout();Session::flush();//the frontend sends a logout_uri query string to redirectreturnresponse()->redirectTo($request->query('logout_uri'));}
In the frontend I send an axios post request to the logoutAPI route and then call the logoutSession route. Here is the code using the @nuxtjs/auth-next module.
logout(){this.$axios.get('/api/logout').then(response=>{this.$auth.reset();//deletes tokens in nuxt appthis.$auth.logout();//redirects to logoutSession this.$axios.setHeader('Authorization',null);}).catch(error=>console.log(error.response));}
This way, every time I logout from the app and login again, the credentials are required and doesn't persists.
Thanks for your replies, I hope this helps someone!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Maybe you should try to revoke the token and clear the users session, maybe that will do it. But I don't know if this is the right way to logout some user...
After several trials, I came up with a solution (not an elegant one I guess) that works.
It's a mix from logout from the API guard (
api.phproutes withauth:apimiddleware), revoking the token:And in the web guard (
web.phproutes), kill the session:In the frontend I send an axios post request to the
logoutAPIroute and then call thelogoutSessionroute. Here is the code using the@nuxtjs/auth-nextmodule.This way, every time I logout from the app and login again, the credentials are required and doesn't persists.
Thanks for your replies, I hope this helps someone!