Laravel sanctum SPA authentication logout is not working

4

7

I am using Laravel Sanctum SPA authentication in my Vue project. Everything is working well, but even after logout

Auth::logout()

I am still able to get data from the API route inside the middleware

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

I should not be able to get data after logout. It should show 401 unauthenticated, but that's not the case. How do I solve this problem? I have been stuck here for 3 days. I followed the Laravel documentation and other tutorials as well, but everyone logged out the same way I did.

Wages answered 5/8, 2020 at 11:45 Comment(6)
Is sanctum the default guard? - Richy
The above route is written in api.php, so the default guard is api @Richy - Wages
The default guard is set in the configuration auth.php ... when using the auth functions, if you don't pass a guard in, it will use the default ... if the default isn't sanctum then you are potentially calling logout on a different guard - Richy
OK, then you mean I should pass the sanctum guard in logout? - Wages
Did you solve your problem? I have the same issue: everything works well with Postman, but Vue keeps me logged in even if I revoke the token through Postman - Leavy
Auth::logout() works fine with SPA - Gothart
14

Kindly use Auth::guard('web')->logout(); instead of Auth::logout(). Look into SPA Log out issue.

Preferential answered 17/8, 2020 at 10:43 Comment(0)
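
An added example, not code from any of the answers on this page: a logout endpoint for Sanctum that ends the cookie session used by SPA authentication and also revokes a bearer token when one was used. It assumes the session guard is named web (Laravel's default config/auth.php), that the User model uses Sanctum's HasApiTokens trait, and the controller name and route are hypothetical.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;
use Laravel\Sanctum\PersonalAccessToken;

// Hypothetical controller; register it behind the same middleware as /user, e.g.
// Route::middleware('auth:sanctum')->post('/logout', [LogoutController::class, 'logout']);
class LogoutController extends Controller
{
    public function logout(Request $request): Response
    {
        // Token-authenticated request (API client): revoke only the bearer
        // token that was presented. On a cookie-authenticated SPA request
        // Sanctum hands back a TransientToken, which is not stored in the
        // database and has no delete(), hence the instanceof check.
        $token = $request->user()->currentAccessToken();
        if ($token instanceof PersonalAccessToken) {
            $token->delete();
        }

        // Cookie-authenticated SPA request: the login state lives in the
        // session behind the session guard, so log out of that guard by name
        // instead of relying on whichever guard is currently the default.
        if ($request->hasSession()) {
            Auth::guard('web')->logout();

            // Discard the old session ID and data, then rotate the CSRF token
            // so the old cookie pair cannot be replayed.
            $request->session()->invalidate();
            $request->session()->regenerateToken();
        }

        // 204 No Content; a following GET /user should now return 401.
        return response()->noContent();
    }
}
```

Deleting rows from the tokens table alone does not end an SPA session, because that session is carried by the session cookie rather than by a personal access token.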
0

To log out a user, simply do this in your logout function to delete all the user's tokens:

public function logout(Request $request) {
    // Revoke every personal access token belonging to the authenticated user
    auth()->user()->tokens()->delete();
}

Or use this to remove only the active token:

$request->user()->currentAccessToken()->delete();
Pipestone answered 22/1, 2022 at 6:41 Comment(0)
0

What worked for me now is: auth('sanctum')->user()->tokens()->delete();

Recalesce answered 11/12, 2022 at 8:28 Comment(0)
-1

In order to log out the specific user, you need to specify the user.

// Revoke a specific user token
Auth::user()->tokens()->where('id', $id)->delete();

// Get user who requested the logout
$user = request()->user(); //or Auth::user()
// Revoke current user token
$user->tokens()->where('id', $user->currentAccessToken()->id)->delete();
Mesothelium answered 5/8, 2020 at 12:12 Comment(2)
Cleaner way: $request->user()->currentAccessToken()->delete(); - Terrell
I am using SPA authentication, not API token authentication. This answer may suit that. Anyway, thanks for the response. - Wages
