laranex / laravel-refresh-token
A package to help you implement refresh token mechanism in your laravel application
Requires
- php: ^8.1
- illuminate/console: ^9.0|^10.0
- illuminate/container: ^9.0|^10.0
- illuminate/contracts: ^9.0 | ^10.0
- illuminate/support: ^9.0|^10.0
- lcobucci/clock: ^2.2 || ^3.0
- lcobucci/jwt: ^4.3|^5.0
- league/oauth2-server: 7.* | ^8.5.1
- nesbot/carbon: ^2.67
- phpseclib/phpseclib: ^3.0
- spatie/laravel-package-tools: ^1.14.0
Requires (Dev)
- laravel/pint: ^1.0
- nunomaduro/collision: ^7.0
- nunomaduro/larastan: ^2.0.1
- orchestra/testbench: ^7.0|^8.0
- phpstan/extension-installer: ^1.1
- phpstan/phpstan-deprecation-rules: ^1.0
- phpstan/phpstan-phpunit: ^1.0
- phpunit/phpunit: ^9.4
This package is auto-updated.
Last update: 2024-12-04 10:30:55 UTC
README
A package to help you implement refresh token mechanism in your laravel application
Installation
You can install the package via composer:
composer require laranex/laravel-refresh-token
Generate encryption keys
php artisan refresh-token:keys
Run The migration file
php artisan migrate
You can publish the config file with:
php artisan vendor:publish --tag="refresh-token-config"
This is the contents of the published config file:
return [ /* |-------------------------------------------------------------------------- | Encryption Keys |-------------------------------------------------------------------------- | | Refresh Token uses encryption keys while generating secure access tokens for | your application. By default, the keys are stored as local files but | can be set via environment variables when that is more convenient. | */ 'private_key' => env('REFRESH_TOKEN_PRIVATE_KEY'), 'public_key' => env('REFRESH_TOKEN_PUBLIC_KEY'), /* |-------------------------------------------------------------------------- | Refresh Token Model |-------------------------------------------------------------------------- | | Refresh Token Model to manage refresh tokens | */ 'model' => RefreshToken::class, /* |-------------------------------------------------------------------------- | Refresh Token Table |-------------------------------------------------------------------------- | | Refresh Token Model to manage refresh tokens | */ 'table' => 'laravel_refresh_tokens', ];
Overriding the default values (Optional)
The following static methods are available under the Laranex\RefreshToken\RefreshToken
class to override the default values. Invoking them
with the value you want in the service provider will override the default values.
useRefreshTokenModel(string $refreshTokenModel): void
loadKeysFrom(string $path): void
refreshTokensExpireIn(DateTimeInterface $date = null): DateInterval|static
Usage
- Use the trait in your refresh tokenable model
class User extends Authenticatable{ use HasRefreshTokens; }
$user = Auth::user()->createRefreshToken();
-
Verify a refresh token
- a token instance will be return if the token is valid, or else null will be return
$verifiedToken = Laranex\RefreshToken\RefreshToken::tokenable($request->get('refresh_token')); if ($verifiedToken) { // Implement your access token logic here } else { // handle invalid refresh token }
-
Working with verified refresh token
$verifiedToken = Laranex\RefreshToken\RefreshToken::tokenable($request->get('refresh_token'));
-
You can access the token instance by calling the
instance
property, The instance property will return the model instance that you use the RefreshToken trait in$tokenInstance = $verifiedToken->instance;
-
Revoking the refresh token (The token will no longer be valid)
$verifiedToken->revoke();
-
Revoking all refresh tokens which are related to current refresh token instance
$verifiedToken->revokeAll();
-
Prune Command
- You can use the prune command to delete all expired refresh tokens
php artisan refresh-token:prune
- Or you can put this into a scheduler to run it periodically
$schedule->command('refresh-token:prune')->daily();
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.