How does Laravel sanctum expire tokens?

laravel laravel-sanctum
Inigo EC picture Inigo EC · Sep 29, 2020 · Viewed 9.8k times · Source

When I run $user->currentAccessToken()->delete(); the token expires, Auth::check() becomes false, what it is expected.

However, when I go to the personal_access_tokens table, the token is still there. There is no soft delete field. How does Sanctum now that the token is expired?

Answer

Chatchai Siwilai picture Chatchai Siwilai · Feb 2, 2021

You can set in config/sanctum.php array node expiration

/*
|--------------------------------------------------------------------------
| Expiration Minutes
|--------------------------------------------------------------------------
|
| This value controls the number of minutes until an issued token will be
| considered expired. If this value is null, personal access tokens do
| not expire. This won't tweak the lifetime of first-party sessions.
|
*/

'expiration' => 60 * 24 * 7,

Related questions

Getting user data with Laravel Sanctum

I was using Laravel's built-in api token authentication before but I wanted to provide multiple api tokens for different clients and with Laravel 7.x, I'm trying to migrate to Laravel Sanctum. API seems authenticates user without any problem but when …

Read More
Laravel 7 Sanctum logout

I'm using Laravel 7 with Sanctum authentication for my app. How can i implement the logout procedure? I use: Auth::user()->tokens()->delete(); and it works, but It delete all tokens of this user. i would like …

Read More
How Do I Get the Query Builder to Output Its Raw SQL Query as a String?

Given the following code: DB::table('users')->get(); I want to get the raw SQL query string that the database query builder above will generate. In this example, it would be SELECT * FROM users. How do I do …

Read More