P粉557957970 2023-08-15 11:18:45
This is the default behavior. So to achieve your desired results you can blacklist them. When a user tries to use a token, you can check if it is in the blacklist. If so, you can reject it.
You can achieve this by creating a middleware that checks if the token is in the blacklist and applying that middleware to routes that require token validation.
Middleware:

    public function handle($request, Closure $next)
    {
        // Read the bearer token from the Authorization header.
        $token = $request->bearerToken();

        // Reject the request if the token has been blacklisted.
        if (TokenBlacklist::where('token', $token)->exists()) {
            return response()->json(['message' => '令牌已失效'], 401);
        }

        return $next($request);
    }

However, you should only do this if your system actually requires it.
P粉768045522 2023-08-15 00:53:41
You cannot manually expire a token after it is created. This is how tokens work. If you create a token, it will be valid until it expires, but you can create a blacklist of tokens and, every time you refresh the token, add the first token to the blacklist. Also consider lowering the token's lifetime; if it is low enough, you can rely on an automatic expiration mechanism.
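
The two answers above combined (blacklist on refresh, short lifetime), as an added example that is not code from either poster or from Laravel. It goes slightly further than the answers by storing a SHA-256 hash instead of the raw token and by dropping entries once the token's own expiry has passed; `TokenDenylist`, `refreshToken` and the 15-minute lifetime are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: framework-free, in-memory denylist. All names are hypothetical.
final class TokenDenylist
{
    /** @var array<string,int> SHA-256 of token => Unix time at which the token expires */
    private array $entries = [];

    // Store a hash, not the raw token, so a leaked denylist holds no usable credentials.
    public function revoke(string $token, int $expiresAt): void
    {
        $this->entries[hash('sha256', $token)] = $expiresAt;
    }

    public function isRevoked(string $token, int $now): bool
    {
        $this->prune($now);
        return isset($this->entries[hash('sha256', $token)]);
    }

    // Once a token has expired, normal validation rejects it, so its entry can go.
    private function prune(int $now): void
    {
        $this->entries = array_filter($this->entries, fn (int $exp): bool => $exp > $now);
    }
}

// Refresh: refuse expired or already-replaced tokens, then denylist the old one.
function refreshToken(TokenDenylist $list, string $old, int $oldExpiresAt, int $now, int $ttl): array
{
    if ($oldExpiresAt <= $now || $list->isRevoked($old, $now)) {
        throw new RuntimeException('token expired or revoked');
    }
    $list->revoke($old, $oldExpiresAt);
    return ['token' => bin2hex(random_bytes(32)), 'expires_at' => $now + $ttl];
}

// Constructed sample run: 15-minute lifetime, refresh one minute after issue.
$now    = 1700000000;
$list   = new TokenDenylist();
$first  = ['token' => bin2hex(random_bytes(32)), 'expires_at' => $now + 900];
$second = refreshToken($list, $first['token'], $first['expires_at'], $now + 60, 900);

var_dump($list->isRevoked($first['token'], $now + 61));  // replaced token, still within its lifetime
var_dump($list->isRevoked($second['token'], $now + 61)); // token issued by the refresh
var_dump($list->isRevoked($first['token'], $now + 901)); // replaced token, after its own expiry
```

The last check shows why the lifetime matters: the denylist only has to remember a token until that token would have expired anyway, so a shorter lifetime keeps the list small.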