
Highlight existence of $user->currentAccessToken() #48

Closed
SeinopSys opened this issue Jan 18, 2020 · 7 comments

Comments

SeinopSys commented Jan 18, 2020

While fully fledged documentation may not be a priority at the moment, I just wanted to raise this as a half thank-you and half "please make others aware of the existence of this feature" issue.

Using Passport I had to do all this just to be able to log a user out:

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cookie;
use Laravel\Passport\Passport;
use Laravel\Passport\TokenRepository;

class UsersController extends Controller
{
    /**
     * The token repository implementation.
     *
     * @var \Laravel\Passport\TokenRepository
     */
    protected $tokenRepository;

    /**
     * Create a controller instance.
     *
     * @param  \Laravel\Passport\TokenRepository  $tokenRepository
     * @return void
     */
    public function __construct(TokenRepository $tokenRepository)
    {
        $this->tokenRepository = $tokenRepository;
    }

    /**
     * Revoke the access token used for this request and clear the Passport cookie.
     *
     * @param  Request  $request
     * @return Response
     */
    public function logout(Request $request)
    {
        // Parse the JWT from the Authorization header to get its id ("jti" claim),
        // which is the primary key of the token row Passport stores.
        $token = $request->bearerToken();
        $token_id = (new \Lcobucci\JWT\Parser())->parse($token)->getHeader('jti');
        $token = $this->tokenRepository->findForUser(
            $token_id,
            $request->user()->getKey()
        );
        $token->revoke();
        $delete_cookie = Cookie::forget(Passport::cookie());
        return response()->noContent()->withCookie($delete_cookie);
    }
}
```

and with Airlock this seemingly is just reduced to

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class UsersController extends Controller
{
    /**
     * Delete the access token used for this request.
     *
     * @param  Request  $request
     * @return Response
     */
    public function logout(Request $request)
    {
        $request->user()->currentAccessToken()->delete();
        return response()->noContent();
    }
}
```

which is a huge improvement both in terms of readability and the amount of reverse engineering needed to achieve this. I would like to suggest that the existence of this method of the Laravel\Airlock\HasApiTokens trait be featured in the documentation to make sure nobody misses it, as I think this is probably my favorite addition by Airlock yet.

I originally started this issue by asking for this feature to be implemented, but when I went to check the source, sure enough it already was! Hence why I suggest highlighting it instead.

@driesvints (Member)

Heya, feel free to send in a PR if you want.


Dzale commented May 23, 2020

Hey @driesvints, I've noticed a strange bug when writing unit tests for logout. My logout() method is the same as described above.

Test code => https://pastebin.com/LZ7wMgeg

Response I get:

```json
{"message":"Call to undefined method Laravel\\Sanctum\\TransientToken::delete()","errors":null}
```

Weird thing here is that the route actually works when you call it from Postman/Application, but the test fails. Maybe I am doing something wrong?

@jerearaujo03

I'm getting the same

@naveen1941

> Hey @driesvints, I've noticed a strange bug when writing unit tests for logout. My logout() method is the same as described above.
>
> Test code => https://pastebin.com/LZ7wMgeg
>
> Response I get:
>
> ```json
> {"message":"Call to undefined method Laravel\\Sanctum\\TransientToken::delete()","errors":null}
> ```
>
> Weird thing here is that the route actually works when you call it from Postman/Application, but the test fails. Maybe I am doing something wrong?

I am also facing the same issue.

@icedevbug

The Bearer prefix must be added to the Authorization header:

```javascript
axios.defaults.headers.Authorization = "Bearer " + token;
```
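A feature test that exercises the token-based logout the way a real client does, sending the token in a `Bearer` header rather than faking the guard, is one way to reproduce the behaviour the comments above describe in a test. This is an added example, not code from the thread or from Sanctum; it assumes the `logout()` controller from the first comment is routed as `POST /api/logout` behind `auth:sanctum`, a Laravel 8 style `User::factory()`, and Sanctum's `createToken()` / `plainTextToken` API.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class LogoutTest extends TestCase
{
    use RefreshDatabase;

    public function test_bearer_token_logout_deletes_only_that_token(): void
    {
        // Assumed factory (Laravel 8+); adapt to factory(User::class) on older apps.
        $user = User::factory()->create();

        // Issue two tokens, as two devices would; only one will be revoked.
        $phone = $user->createToken('phone')->plainTextToken;
        $user->createToken('laptop');

        $this->assertDatabaseCount('personal_access_tokens', 2);

        // Send the token in a Bearer header so the Sanctum guard resolves a
        // PersonalAccessToken row rather than a session-backed TransientToken.
        // '/api/logout' is an assumed route name for the logout() action above.
        $this->withHeader('Authorization', 'Bearer ' . $phone)
            ->postJson('/api/logout')
            ->assertNoContent();

        // The row behind the "phone" token is gone; the "laptop" token remains,
        // i.e. logout revoked this device only, not every session of the user.
        $this->assertDatabaseCount('personal_access_tokens', 1);
        $this->assertDatabaseHas('personal_access_tokens', ['name' => 'laptop']);
    }
}
```

Asserting on the `personal_access_tokens` table rather than only on the status code catches the case where the controller returns 204 but deleted nothing, or deleted every token the user owns.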

Sporium commented Dec 17, 2020

In my case

```json
{"message":"Call to undefined method Laravel\Sanctum\TransientToken::delete()","errors":null}
```

the error was because of EnsureFrontendRequestsAreStateful::class in the app/Http/Kernel.php 'api' section.
As I found out (hope I'm not wrong), when you include the EnsureFrontendRequestsAreStateful middleware Laravel tries to authenticate you using the CSRF token, not the bearerToken. And because in

`vendor/laravel/sanctum/src/Guard.php`

this guard check comes first, you get a new TransientToken.
When you try to `user()->currentAccessToken()->delete()` it fails by trying to call delete() on the TransientToken.
But if you want to delete the bearer token, it's in PersonalAccessToken,
so you can `PersonalAccessToken::findToken($request->bearerToken())->delete();` but this looks wrong :)
If you use Mobile Application Authentication you can simply remove EnsureFrontendRequestsAreStateful and this will fix the problem.
If you want to use that middleware:
This issue can be fixed just by moving these lines https://github.com/laravel/sanctum/blob/2.x/src/Guard.php#L54-L58
below this https://github.com/laravel/sanctum/blob/2.x/src/Guard.php#L60-L75
If this structure is not critical, that helps with this problem (or we need something to choose which token we want to use).
Also, to revoke the CSRF token use `$request->session()->invalidate();`
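A logout action that works for both kinds of request the comment above distinguishes, without patching the vendor `Guard.php`, is shown below. It is an added example, not code from the thread or from Sanctum: it branches on the class of `currentAccessToken()`, which Sanctum's guard sets to a `TransientToken` for session-authenticated first-party requests and to a `PersonalAccessToken` model for `Bearer` requests. The `web` guard name and the session calls are standard Laravel; the controller name and route are assumptions.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Sanctum\PersonalAccessToken;
use Laravel\Sanctum\TransientToken;

class LogoutController extends Controller
{
    /**
     * Log the current user out, whichever way Sanctum authenticated them.
     *
     * With EnsureFrontendRequestsAreStateful, a first-party SPA request is
     * authenticated from the session and currentAccessToken() returns a
     * TransientToken, which has no delete(). A client that sends a Bearer
     * header gets a PersonalAccessToken row, which is what must be deleted.
     */
    public function __invoke(Request $request)
    {
        $token = $request->user()->currentAccessToken();

        if ($token instanceof TransientToken) {
            // Session-based authentication: end the session and rotate the
            // CSRF token so the old session id and CSRF value cannot be reused.
            // The session is only available here because the request was
            // treated as stateful, which is exactly the TransientToken case.
            Auth::guard('web')->logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();
        } elseif ($token instanceof PersonalAccessToken) {
            // Bearer-token authentication: revoke only this client's token,
            // leaving the user's other devices logged in.
            $token->delete();
        }

        return response()->noContent();
    }
}
```

Branching on the token class keeps the two revocations separate: invalidating the session does nothing to a mobile client's personal access token, and deleting a token row does nothing to a browser session, so a logout that only does one of the two silently leaves the other credential valid.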

@masihfathi

Did you find any valid solution to this issue? I want to use SPA and HTTP authentication with the same code, but I get an error in `user()->currentAccessToken()->delete()`; I also use the EnsureFrontendRequestsAreStateful middleware.
