Laravel
Tikhon Ermakov, 2020-07-28 05:06:18

How to properly use Laravel Sanctum?

public function login()
{
    $validator = Validator::make(request()->all(), [
        'email' => 'required|email|max:255',
        'password' => 'required|string',
    ]);

    // Reject invalid input with 422 instead of a 200 response.
    if ($validator->fails()) {
        return response()->json($validator->errors()->getMessages(), 422);
    }

    $user = User::where('email', request()->email)->first();

    if (! $user || ! auth()->attempt(request()->only(['email', 'password']))) {
        return response()->json(['message' => 'Unauthorized'], 401);
    }

    $token = $user->createToken('token-name');

    // Return the plain-text token; it is only available at creation time.
    return response()->json(['token' => $token->plainTextToken]);
}


Question 1: Is it necessary to create a token for each user authorization? Maybe it would be more correct to see what tokens he already has and, if available, return an existing token?

Question 2: Why don't we get the expiration date of the token when creating a token?

Please tell us how to competently implement authorization using Laravel Sanctum.


1 answer(s)
Konstantin B., 2020-07-28
@the_goldmayer

1. You need to make it so that there are none of these at each authorization. Log in once and it is remembered. This is not OAuth2. If you need OAuth2, use Passport.
2. Because tokens are eternal. Their expiry, refreshing and everything else that is in OAuth2 is not provided in Sanctum.
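
One way to handle both questions in a token-issuing controller, as an added example that is not code from the question or the answer. The `device_name` request field, the 30-day limit, the `TokenController` name and the `App\Models\User` namespace are assumptions.

```php
<?php

namespace App\Http\Controllers;

use App\Models\User; // assumption: App\User on older Laravel skeletons
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class TokenController extends Controller
{
    // Assumption: application-level maximum token age, enforced at login.
    private const MAX_TOKEN_AGE_DAYS = 30;

    public function login(Request $request)
    {
        $data = $request->validate([
            'email' => 'required|email|max:255',
            'password' => 'required|string',
            'device_name' => 'required|string|max:255', // hypothetical field naming the client
        ]);

        $user = User::where('email', $data['email'])->first();

        // Same response for an unknown e-mail and a wrong password.
        if (! $user || ! Hash::check($data['password'], $user->password)) {
            return response()->json(['message' => 'Unauthorized'], 401);
        }

        // Sanctum stores only a SHA-256 hash of each token, so an existing
        // token cannot be handed out again. Replace this device's token instead.
        $user->tokens()->where('name', $data['device_name'])->delete();

        // Drop stale tokens left behind by other devices.
        $user->tokens()
            ->where('created_at', '<', now()->subDays(self::MAX_TOKEN_AGE_DAYS))
            ->delete();

        $token = $user->createToken($data['device_name']);

        // plainTextToken is readable only on this freshly created object.
        return response()->json(['token' => $token->plainTextToken], 201);
    }

    public function logout(Request $request)
    {
        // Revoke only the token that authenticated this request.
        $request->user()->currentAccessToken()->delete();
        return response()->json(null, 204);
    }
}
```

The client keeps the returned token and sends it as a Bearer token; `logout` must sit behind the `auth:sanctum` middleware so that `currentAccessToken()` is set.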
