we know that the token must expire at some point. How can I replace an expired token with a new one in Laravel sanctum?
I haven't come up with a good idea yet
Related
I have created an app on laravel and vue.js and for the authentication process, I have used the laravel-shopify package. right now when the Axios call duration is long that time gets a session token expired error. I have already referred this solution but this was not worked for me.
Shopify App-bridge session token is having some issues while working with the vue.js and Axios?
Please check attached documents, please check.
video:- https://drive.google.com/file/d/1US2dzgcPWm6iQcK4SMS4b6q85q9l89Mx/view?usp=sharing
When I have passed many files to Axios, I don't want to get expire token error. Does anyone have a solution for this?
I have implement my api by using personal access token with the 1 month validity by using below code.
Passport::personalAccessTokensExpireIn(now()->addMonths(1));
I can receive an unauthenticated error once the token gets expired. In this case, i have to extend the validity which mean the user should be in login state unless they do logout manually.
Is it possible to keep the user in login mode?. If it can, pls give detailed explanation.
I think Passport can refresh the token only with oauth; but don't get me wrong, probably you don't need oauth. So you should refresh it by yourself because Passport doesn't handle it. What I can suggest in case you are building a backend API for a web-app is to use Sanctum Spa-Authentication, it gives you csrf protection and is really easy to understand
https://laravel.com/docs/8.x/sanctum#spa-authentication.
Once you logged in you can call your api routes.
But if it's not a web-app even Sanctum has not a refresh token method...
Yesterday my application's Oauth-access-tokens has been expired and that token is linked to more than five thousand devices (android) and now they are all rejected by Laravel passport. so is there any way to use that same token again or increase the time of that expired token. so that I don't need to change my application's token and release it again which it takes some time.
I have Oauth2 authentication in Laravel with Passport.
I want my first party clients have different refresh token expiration time.
I used client credential so, how can I achieve this with best practices.
I'm creating a SPA app with Vue.js (will be stored on remote server) and I'm confused as to what I should use.
At first I considered the use of Passport, but I don't understand how to make an API with Passport for 1st party only. Also I don't understand, how to make it quite secure if I need to send to the server my client-secret and client-id.
Then I read more about JWT, but there's no scopes for my tokens and no refresh tokens. It means if somebody stole the token from localStorage, then he will get access to this user permanently.
And one more question about the token access and API. I read a lot about different token expiration when it depends on its importance. It means token for changing password must be valid for a period of 5 minutes, but token for reading some information should be valid for 6 months. Is it right and how to do this right?
About JWT or Passport - what should I use then?
If you access api directory from client(using angular/react/vue js..) I suggest you to use Passport. in the passport there is a option call Password Grant Tokens, so user have to enter user credential and it'll generate a token(you can adjust the lifetime of the token) and when it expire you can refresh it. And yes if someone stole your token they can access your data
Read this if you want to know more:
https://stackoverflow.com/a/34983109/801448