如何使Laravel护照中的用户的所有令牌无效? [英] How to invalidate all tokens for an user in laravel passport?

问题描述

在我们的应用中，当用户注销时，我们以这种方式使该特定设备的访问令牌无效.

In our app when user logs out we invalidate the access token for that particular device this way.

$user = $request->user();

$value = $request->bearerToken();
$id = (new Parser())->parse($value)->getHeader('jti');
$token = $user->tokens->find($id);
$token->revoke();

但是，当用户停用其帐户时，我们希望使该用户登录的所有设备上的所有访问令牌都失效. 我浏览了该文档，但没有发现任何有用的信息.谢谢

But when an user deactivates his/her account, we would like to invalidate all the access tokens from all the devices the user is logged in. I looked through the document but did not find anything useful. Thanks

推荐答案

看看 HasApiTokens 性状. 文档建议将此特征添加到用户模型中.它提供的方法之一是tokens()，它使用特征在Laravel\Passport\Token和模型之间定义了hasMany关系.您可以使用它来检索给定用户的所有令牌的列表:

Take a look at the HasApiTokens trait provided by passport. The documentation recommends adding this trait to your User model. One of the methods it provides is tokens(), which defines a hasMany relationship between Laravel\Passport\Token and models using the trait. You can use this to retrieve a list of all of the tokens for a given user:

$userTokens = $userInstance->tokens;

令牌模型本身具有revoke方法:

The token model itself has a revoke method:

foreach($userTokens as $token) {
    $token->revoke();   
}

这篇关于如何使Laravel护照中的用户的所有令牌无效?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！