laravel passport revoke and prune event listener is not doing anything

最新推荐文章于 2021-03-25 18:04:08 发布

转载最新推荐文章于 2021-03-25 18:04:08 发布 · 533 阅读

本文介绍如何使用Laravel Passport实现用户的访问令牌自动撤销及清理过期令牌的功能，通过自定义监听器来更新数据库中已撤销的令牌。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

I've added this two event listeners to my : EventServiceProvider

    /**
     * The event listener mappings for the application.
     *
     * @var array
     */
    protected $listen = [
        'Laravel\Passport\Events\AccessTokenCreated' => [
            'App\Listeners\RevokeOldTokens',
        ],
    
        'Laravel\Passport\Events\RefreshTokenCreated' => [
            'App\Listeners\PruneOldTokens',
        ],
    ];

And in my AuthServiceProvider I have :

     public function boot()
        {
            $this->registerPolicies();
    
            Passport::routes();
            passport::$revokeOtherTokens;
            passport::$pruneRevokedTokens;
            Passport::tokensExpireIn(Carbon::now()->addDays(1));
            Passport::refreshTokensExpireIn(Carbon::now()->addDays(2));
    
        }

I want passport to revoke all other user access tokens and then prune them if they are revoked. but nothing is happening and every time I request an access token from postman I get a new access Token while there are several access tokens in the database.

Best Answer(As Selected By anonymox)

anonymox

1 year ago

I've Solved My problem This way : Step1 - In EventServiceProvider should change the path to the Access Token createdn and also refresh token created :

 protected $listen = [
        'Laravel\Passport\Events\AccessTokenCreated' => [
            'App\Listeners\RevokeOldTokens',
        ],

        'Laravel\Passport\Events\RefreshTokenCreated' => [
            'App\Listeners\PruneOldTokens',
        ],
    ];

Step2- generate this two listeners events :

php artisan event:generate

Step3- Modify AccessTokenCreated & RefreshTokenCreated event handle methods :

namespace App\Listeners;

use Laravel\Passport\Events\AccessTokenCreated;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Contracts\Queue\ShouldQueue;
use DB;

class RevokeOldTokens
{
    /**
     * Create the event listener.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

    /**
     * Handle the event.
     *
     * @param  AccessTokenCreated  $event
     * @return void
     */
    public function handle(AccessTokenCreated $event)
    {


        DB::table('oauth_access_tokens')
            ->where('id', '<>', $event->tokenId)
            ->where('user_id', $event->userId)
            ->where('client_id', $event->clientId)
            ->update(['revoked' => true]);


    }
}

<?php

namespace App\Listeners;

use Laravel\Passport\Events\RefreshTokenCreated;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Contracts\Queue\ShouldQueue;
use DB;

class PruneOldTokens
{
    /**
     * Create the event listener.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

    /**
     * Handle the event.
     *
     * @param  RefreshTokenCreated  $event
     * @return void
     */
    public function handle(RefreshTokenCreated $event)
    {

        DB::table('oauth_refresh_tokens')
            ->where('id', '<>', $event->refreshTokenId)
            ->where('access_token_id', '<>', $event->accessTokenId)
            ->update(['revoked' => true]);

    }
}

After This steps if I send any request to my project it will check for tokens and if there is another token it will revoke it and make it unathorized.