How to revoke Sanctum API token on logout with Fortify

64 views Asked by At

I´m using Laravel 10 with Sanctum and Fortify to issue token´s via a REST API. The authentication is not stateful.

Fortify itself only invalidates the session in a stateful communication (see bellow) so i have to extend the destroy method. Is there an elegant way to revoke / delete a token when the logout operation is executed via Fortify?

/**
 * Destroy an authenticated session.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Laravel\Fortify\Contracts\LogoutResponse
 */
public function destroy(Request $request): LogoutResponse
{
    $this->guard->logout();

    if ($request->hasSession()) {
        $request->session()->invalidate();
        $request->session()->regenerateToken();
    }

    return app(LogoutResponse::class);
}
0

There are 0 answers