Adding additional data to createToken

[dillingham]

Idea: adding a 3rd parameter to createToken() for custom columns

If your token has additional scope or tenant information.. being able to pass it in like:

createToken('token-name', ['*'], ['tenant_id' => 1'])

With an array merge.. would be convenient

$token = $this->tokens()->create(array_merge([
    'name' => $name,
    'token' => hash('sha256', $plainTextToken = Str::random(80)),
    'abilities' => $abilities,
], $values);

Otherwise, an observer works or $token->update($values) on the returned token

[dillingham]

makeToken() is probably more laravel like though and it returns unsaved model

[driesvints]

You're mentioning a tenant ID. Isn't it just the case of adding the HasApiTokens trait to different tenant types? Do you need to query/purge per tenant ID? How would the data be saved?

[dillingham]

I was just using the tenant id as a vague example.

You’re right you can just attach the token to the tenant.

Mostly was just suggesting a way to add data to the token without having to update it after create.

With JWT you add data sometimes

$token = $user->makeToken('Name');
$token->account_id = 1;
$token->team_id = 2;
$token->save();

In a model trait for example

$model->account_id = auth()->user()->accessToken->account_id;
$model->team_id = auth()->user()->accessToken->team_id;

[cja-github]

Hi. I need this. Has it been implemented?

[minhlong]

Hi ,

I customized createToken and PersonalAccessToken.

// Do not forgot register this model in your boot method of app service provider.
// Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class); 

use Laravel\Sanctum\PersonalAccessToken as SanctumPersonalAccessToken;

class PersonalAccessToken extends SanctumPersonalAccessToken
{
    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name',
        'token',
        'abilities',
        'shop_id',  // My customize field
    ];
}

And on the User model

    public function createToken(string $name, $shopId, array $abilities = ['*'])
    {
        $token = $this->tokens()->create([
            'name'      => $name,
            'token'     => hash('sha256', $plainTextToken = Str::random(40)),
            'abilities' => $abilities,
            'shop_id'   => $shopId,
        ]);

        return new NewAccessToken($token, $token->getKey().'|'.$plainTextToken);
    }

Or you can customize the createToken and findToken too :)

I hope it can help you,

[dan-lutd]

@minhlong Did this work for you? How would a token holder read the 'shop_id' from the token?

[minhlong]

@minhlong Did this work for you? How would a token holder read the 'shop_id' from the token?

The shop_id is used to create token. It does not use to validate the token :). You can refer below flow:

# \Laravel\Sanctum\PersonalAccessToken
/**
     * Find the token instance matching the given token.
     *
     * @param  string  $token
     * @return static|null
     */
    public static function findToken($token)
    {
        if (strpos($token, '|') === false) {
            return static::where('token', hash('sha256', $token))->first();
        }

        [$id, $token] = explode('|', $token, 2);

        if ($instance = static::find($id)) {
            return hash_equals($instance->token, hash('sha256', $token)) ? $instance : null;
        }
    }

[teclia]

Excelent! Thanks for posting. I used your example and it worked for me

[dan-lutd]

@minhlong I see the shop_id is only added to the table via PersonalAccessToken, thanks