I've added this two event listeners to my : EventServiceProvider
/**
* The event listener mappings for the application.
*
* @var array
*/
protected $listen = [
'Laravel\Passport\Events\AccessTokenCreated' => [
'App\Listeners\RevokeOldTokens',
],
'Laravel\Passport\Events\RefreshTokenCreated' => [
'App\Listeners\PruneOldTokens',
],
];
And in my AuthServiceProvider I have :
public function boot()
{
$this->registerPolicies();
Passport::routes();
passport::$revokeOtherTokens;
passport::$pruneRevokedTokens;
Passport::tokensExpireIn(Carbon::now()->addDays(1));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(2));
}
I want passport to revoke all other user access tokens and then prune them if they are revoked. but nothing is happening and every time I request an access token from postman I get a new access Token while there are several access tokens in the database.
Best Answer(As Selected By anonymox)
I've Solved My problem This way : Step1 - In EventServiceProvider should change the path to the Access Token createdn and also refresh token created :
protected $listen = [
'Laravel\Passport\Events\AccessTokenCreated' => [
'App\Listeners\RevokeOldTokens',
],
'Laravel\Passport\Events\RefreshTokenCreated' => [
'App\Listeners\PruneOldTokens',
],
];
Step2- generate this two listeners events :
php artisan event:generate
Step3- Modify AccessTokenCreated & RefreshTokenCreated event handle methods :
namespace App\Listeners;
use Laravel\Passport\Events\AccessTokenCreated;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Contracts\Queue\ShouldQueue;
use DB;
class RevokeOldTokens
{
/**
* Create the event listener.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Handle the event.
*
* @param AccessTokenCreated $event
* @return void
*/
public function handle(AccessTokenCreated $event)
{
DB::table('oauth_access_tokens')
->where('id', '<>', $event->tokenId)
->where('user_id', $event->userId)
->where('client_id', $event->clientId)
->update(['revoked' => true]);
}
}
<?php
namespace App\Listeners;
use Laravel\Passport\Events\RefreshTokenCreated;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Contracts\Queue\ShouldQueue;
use DB;
class PruneOldTokens
{
/**
* Create the event listener.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Handle the event.
*
* @param RefreshTokenCreated $event
* @return void
*/
public function handle(RefreshTokenCreated $event)
{
DB::table('oauth_refresh_tokens')
->where('id', '<>', $event->refreshTokenId)
->where('access_token_id', '<>', $event->accessTokenId)
->update(['revoked' => true]);
}
}
After This steps if I send any request to my project it will check for tokens and if there is another token it will revoke it and make it unathorized.
