I´m using Laravel 10 with Sanctum and Fortify to issue token´s via a REST API. The authentication is not stateful.
Fortify itself only invalidates the session in a stateful communication (see bellow) so i have to extend the destroy method. Is there an elegant way to revoke / delete a token when the logout operation is executed via Fortify?
/**
* Destroy an authenticated session.
*
* @param \Illuminate\Http\Request $request
* @return \Laravel\Fortify\Contracts\LogoutResponse
*/
public function destroy(Request $request): LogoutResponse
{
$this->guard->logout();
if ($request->hasSession()) {
$request->session()->invalidate();
$request->session()->regenerateToken();
}
return app(LogoutResponse::class);
}