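Why can the old token still be used normally after calling the logout and refresh methods?
Why can the current token still be used after calling the logout and refresh methods? Any pointers would be appreciated.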
routes/api.php
    // Endpoints that require a token
    $api->group(['middleware' => ['auth:admin_api', 'serializer:array']], function ($api) {
        ...
    });
config/jwt.php
    'ttl' => env('JWT_TTL', 60),
    'refresh_ttl' => env('JWT_REFRESH_TTL', 20160),
Http/Controllers/AuthorizationsController.php
    // Logout endpoint: calls logout() on the API guard
    public function destroy()
    {
        auth($this->getGuardApiKey())->logout();
    }

    // Login endpoint: attempts authentication and returns the issued token
    public function store(AuthorizationRequest $request)
    {
        $credentials = $request->only('username', 'password');
        if (!$token = auth($this->getGuardApiKey())->attempt($credentials)) {
            return $this->response()->error(trans('auth.failed'), 401);
        }
        $admin = auth($this->getGuardApiKey())->user();
        event(new AdminLoginEvent($admin));
        return $this->respondWithToken($token, $request->username);
    }