dtm41506 2019-04-09 19:08
浏览 227

如何在Laravel Passport中获取所有用户的访问权限?

For background we have two servers: the oauth server which issues out tokens and has laravel passport installed, and an api server which handles requests for the front end. In order to minimize requests, we are caching the access token on the api server, so that there is no need to make a request out to the oauth server from the api server.

However, in the case of an emergency, we want to quickly invalidate all of a user's tokens and remove the tokens from the cache on the api server.

I have figured out how to invalidate all of a user's tokens, but getting the actual access token value proves to be difficult. Is there a way to get a user's access tokens and return them to the api server?

For reference, here is the code I have to currently invalidate a user's tokens:

use App\User;

public function invalidate_sessions($user_id) {
    $user = User::find($user_id);

    $tokens = [];
    foreach ($user->tokens as $token) {
        $token->revoke();
        // this doesn't work
        $tokens[] = $token;
    }
    $api_server = config('auth.api_server');
    $http = new \GuzzleHttp\Client;

    $response = $http->post("{$api_server}/api/invalidate_sessions", [ 
        \GuzzleHttp\RequestOptions::JSON => $tokens
    ]);

    return (string)$response->getBody();
}
  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥15 MATLAB动图的问题
    • ¥15 求差集那个函数有问题,有无佬可以解决
    • ¥15 【提问】基于Invest的水源涵养
    • ¥20 微信网友居然可以通过vx号找到我绑的手机号
    • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
    • ¥15 解riccati方程组
    • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
    • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
    • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
    • ¥50 树莓派安卓APK系统签名