laranex/laravel-refresh-token

A package to help you implement a refresh token mechanism in your Laravel application

v1.0.0 2023-06-29 06:49 UTC

README


Installation

You can install the package via composer:

  composer require laranex/laravel-refresh-token

Generate encryption keys

  php artisan refresh-token:keys

Run the migration

  php artisan migrate

You can publish the config file with:

  php artisan vendor:publish --tag="refresh-token-config"

This is the contents of the published config file:

    return [
    
        /*
        |--------------------------------------------------------------------------
        | Encryption Keys
        |--------------------------------------------------------------------------
        |
        | Refresh Token uses encryption keys while generating secure access tokens for
        | your application. By default, the keys are stored as local files but
        | can be set via environment variables when that is more convenient.
        |
        */
        'private_key' => env('REFRESH_TOKEN_PRIVATE_KEY'),
    
        'public_key' => env('REFRESH_TOKEN_PUBLIC_KEY'),
    
        /*
        |--------------------------------------------------------------------------
        | Refresh Token Model
        |--------------------------------------------------------------------------
        |
        | Refresh Token Model to manage refresh tokens
        |
        */
        'model' => RefreshToken::class,
    
        /*
        |--------------------------------------------------------------------------
        | Refresh Token Table
        |--------------------------------------------------------------------------
        |
        | Database table used to store refresh tokens
        |
        */
        'table' => 'laravel_refresh_tokens',
    ];

Overriding the default values (Optional)

The Laranex\RefreshToken\RefreshToken class exposes the following static methods for overriding the default values. Call them from a service provider with the values you want.

  • useRefreshTokenModel(string $refreshTokenModel): void
  • loadKeysFrom(string $path): void
  • refreshTokensExpireIn(DateTimeInterface $date = null): DateInterval|static

Usage

  • Use the trait in your refresh tokenable model

        class User extends Authenticatable
        {
            use HasRefreshTokens;
        }
  • Create a refresh token

        $refreshToken = Auth::user()->createRefreshToken();
  • Verify a refresh token. A token instance is returned if the token is valid; otherwise null is returned.

        $verifiedToken = Laranex\RefreshToken\RefreshToken::tokenable($request->get('refresh_token'));
        if ($verifiedToken) {
            // Implement your access token logic here
        } else {
            // Handle the invalid refresh token
        }
  • Working with a verified refresh token

        $verifiedToken = Laranex\RefreshToken\RefreshToken::tokenable($request->get('refresh_token'));
    • You can access the token instance through the instance property. It returns the model instance that uses the HasRefreshTokens trait.

          $tokenInstance = $verifiedToken->instance;
    • Revoking the refresh token (the token will no longer be valid)

          $verifiedToken->revoke();
    • Revoking all refresh tokens related to the current refresh token instance

          $verifiedToken->revokeAll();
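
A refresh endpoint that combines the steps above and rotates the refresh token on every use, as an added example that is not code from the package. The TokenController class, the Laravel Sanctum call createToken() for access tokens, and returning createRefreshToken()'s value directly to the client are assumptions.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Laranex\RefreshToken\RefreshToken;

// Hypothetical controller, not part of the package.
class TokenController extends Controller
{
    // Exchange a refresh token for a new access/refresh pair (single use).
    public function refresh(Request $request): JsonResponse
    {
        $request->validate(['refresh_token' => ['required', 'string']]);

        // tokenable() returns null when the token is not valid (per the README).
        $verified = RefreshToken::tokenable($request->input('refresh_token'));
        if (! $verified) {
            return response()->json(['message' => 'Invalid refresh token.'], 401);
        }

        $user = $verified->instance; // model that uses HasRefreshTokens

        // Rotate: the presented token must not be accepted a second time.
        $verified->revoke();

        return response()->json([
            // Assumption: access tokens are issued by Laravel Sanctum (HasApiTokens).
            'access_token' => $user->createToken('api')->plainTextToken,
            // Assumption: the return value is what the client sends back later.
            'refresh_token' => $user->createRefreshToken(),
        ]);
    }

    // Log out everywhere: revoke all refresh tokens related to the presented one.
    public function logout(Request $request): Response
    {
        $verified = RefreshToken::tokenable((string) $request->input('refresh_token'));
        if ($verified) {
            $verified->revokeAll();
        }

        // Same response either way, so the endpoint does not reveal token validity.
        return response()->noContent();
    }
}
```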

Prune Command

  • You can use the prune command to delete all expired refresh tokens
        php artisan refresh-token:prune
  • Or you can put this into a scheduler to run it periodically
        $schedule->command('refresh-token:prune')->daily();

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.