如何使Laravel护照中的用户的所有令牌无效? [英] How to invalidate all tokens for an user in laravel passport?
问题描述
在我们的应用中,当用户注销时,我们以这种方式使该特定设备的访问令牌无效.
In our app when user logs out we invalidate the access token for that particular device this way.
$user = $request->user();
$value = $request->bearerToken();
$id = (new Parser())->parse($value)->getHeader('jti');
$token = $user->tokens->find($id);
$token->revoke();
但是,当用户停用其帐户时,我们希望使该用户登录的所有设备上的所有访问令牌都失效. 我浏览了该文档,但没有发现任何有用的信息.谢谢
But when an user deactivates his/her account, we would like to invalidate all the access tokens from all the devices the user is logged in. I looked through the document but did not find anything useful. Thanks
推荐答案
看看 HasApiTokens
性状. 文档建议将此特征添加到用户模型中.它提供的方法之一是tokens()
,它使用特征在Laravel\Passport\Token
和模型之间定义了hasMany
关系.您可以使用它来检索给定用户的所有令牌的列表:
Take a look at the HasApiTokens
trait provided by passport. The documentation recommends adding this trait to your User model. One of the methods it provides is tokens()
, which defines a hasMany
relationship between Laravel\Passport\Token
and models using the trait. You can use this to retrieve a list of all of the tokens for a given user:
$userTokens = $userInstance->tokens;
令牌模型本身具有revoke
方法:
The token model itself has a revoke
method:
foreach($userTokens as $token) {
$token->revoke();
}
这篇关于如何使Laravel护照中的用户的所有令牌无效?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!