So I have to build an API, for a mobile app, using Laravel 5.5. Sentinel has been already implemented for the authentication. I used Laravel Passport to secure the API routes using this example (this is exactly my code): https://medium.com/modulr/create-api-authentication-with-passport-of-laravel-5-6-1dc2d400a7f.
The desired flow: A user logs in using the mobile app. An access token is assigned to him and it will be sent in the headers (Authorization => Bearer accessTokenHere) for each API endpoint call. After he logs out he won't be able to access any endpoint, except for the login one.
My problem is that even if the token has expired (oauth_access_tokens table -> expires_at column), the API endpoint still retrieves data. When I logout, the API endpoints do not retrieve data, as expected. How can I check if the Passport token is expired and restrict access to the API endpoints? Also, on each login, I get a new access token, but the old one is not deleted from oauth_access_tokens table => is this correct?
Thanks in advance.
via Chebli Mohamed
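Passport's `auth:api` guard validates the signed JWT (its `exp` claim and the `revoked` flag), so editing `expires_at` in `oauth_access_tokens` by hand does not shorten a token's life; the lifetime is set with `Passport::tokensExpireIn()` when tokens are issued. As an added example (not code from the question or from Passport), the following middleware refuses requests whose stored token row is revoked or past its `expires_at`, and revokes it so later calls fail at the guard too. The class name and the route-middleware key are assumptions.

```php
<?php
// Added example, not part of the original question. Assumes the route already
// runs behind Passport's `auth:api` guard, so $request->user() is the
// authenticated user and ->token() is the Laravel\Passport\Token row backing
// the Bearer token on this request.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class RejectExpiredPassportToken
{
    public function handle(Request $request, Closure $next)
    {
        $user  = $request->user();
        $token = $user ? $user->token() : null;

        // No user or token on the request: leave the 401 to the guard itself.
        if ($token === null) {
            return $next($request);
        }

        // Token::$dates casts expires_at to Carbon; revoked is a boolean.
        $expired = $token->expires_at === null || $token->expires_at->isPast();

        if ($token->revoked || $expired) {
            // Mark the row revoked so the guard rejects it on every later call,
            // regardless of what the JWT's own exp claim says.
            if (! $token->revoked) {
                $token->revoke();
            }

            return response()->json(['message' => 'Access token expired.'], 401);
        }

        return $next($request);
    }
}
```

Register it in `app/Http/Kernel.php` under `$routeMiddleware` (for example as `'token.fresh'`, an assumed key) and apply it after `auth:api` on the protected routes, e.g. `->middleware(['auth:api', 'token.fresh'])`.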