Laravel 7 Sanctum logout

Question

I'm using Laravel 7 with Sanctum authentication for my app.
How can i implement the logout procedure?
I use:

Auth::user()->tokens()->delete();

and it works, but It delete all tokens of this user. i would like to delete only the token of the user who requested the logout, in this way the other sessions should remain open

STA · Accepted Answer · 2023-05-04T04:59:57.433

42

You need to specify the user :

// Revoke a specific user token
Auth::user()->tokens()->where('id', $id)->delete();

// Get user who requested the logout
$user = request()->user(); //or Auth::user()

// Revoke current user token
$user->tokens()->where('id', $user->currentAccessToken()->id)->delete();

Update of Laravel 7, 8, 9, 10 :

// Revoke the token that was used to authenticate the current request...
$request->user()->currentAccessToken()->delete();

// Revoke a specific token...
$user->tokens()->where('id', $tokenId)->delete();

edited May 04 '23 at 04:59

answered Jun 21 '20 at 10:12

STA

30,729
8
45
59

How can I get the token ID? – enfix Jun 21 '20 at 11:37
@enfix it would be `Auth::user()->tokens()->where('id', $id)->get('field_name')->first();` the `field_name` is your `column` name where you store token. – STA Jun 21 '20 at 12:04
No, I don't know how to set $id variable. is not the id token? – enfix Jun 21 '20 at 12:20
@enfix, in this case id and token are not same. If you are logged in user then you can get $id by `$id = Auth::user()->id;` So it would be `Auth::user()->tokens()->where('id', Auth::user()->id)->delete();` – STA Jun 21 '20 at 12:35
It don't work: Auth::user()->id is the user ID, not token ID. – enfix Jun 21 '20 at 15:34
@enfix, I give you `user ID` not token id – STA Jun 21 '20 at 15:36
It' does't work (no error, but nothing appends).I need to identify the specific token to rewoke/delete and not all token about the specific user. – enfix Jun 21 '20 at 15:52
1

I solve use this solution: Auth::user()->tokens()->where('id', Auth::user()->currentAccessToken()->id)->delete(); – enfix Jun 21 '20 at 16:24
Call to undefined method App\User::tokens() – Rejaul Nov 04 '20 at 04:04
@Rejaul `App\Models\User::tokens() ` – STA Nov 04 '20 at 04:49

score 13 · Answer 2 · answered Aug 02 '20 at 15:55

13

For the logout, you can directly delete the token if you use currentAccessToken().

$request->user()->currentAccessToken()->delete();

answered Aug 02 '20 at 15:55

Pj Salita

131
2

1

Call to undefined method App\User::currentAccessToken() – Rejaul Nov 04 '20 at 03:30
add `HasApiTokens` trait on your `User` model – Stefan Tanevski Jan 05 '21 at 11:22
No dice even with the trait on my request user :/ – Micheal C Wallas Apr 06 '21 at 08:35
this also work **auth()->user()->tokens()->delete()** if you use current AccessToken – Paul Iverson Cortez Feb 16 '22 at 10:51

score 10 · Answer 3 · answered Aug 12 '22 at 21:51

To Logout, In laravel 9

   use Laravel\Sanctum\PersonalAccessToken;


   // Get bearer token from the request
    $accessToken = $request->bearerToken();
    
    // Get access token from database
    $token = PersonalAccessToken::findToken($accessToken);

    // Revoke token
    $token->delete();

score 2 · Answer 4 · answered Nov 14 '22 at 03:33

2

for people who got error regarding currentAccessToken() that null or undefined, don't forget to put your logout route inside auth:sanctum middleware.

so after using

$request->user()->currentAccessToken()->delete();

put the logout route like this:

Route::middleware('auth:sanctum')->group( function () {
    Route::post('logout', [AuthController::class, 'signout']);
});

answered Nov 14 '22 at 03:33

fajar wz

31
2

And don't forget to add the Bearer token to your request – timgavin Jun 01 '23 at 12:06

Laravel 7 Sanctum logout

4 Answers4

Linked

Related