I've gotten Laravel 5.6 set up with Passport and working with the Implicit grant.
The only thing I don't understand is, every time I hit /oauth/authorize, a new access token is generated in the database. If there is no existing token, it will prompt the user to authorise the request and then create a new access token that expires in 1 year.
If a token already exists and is valid (e.g. user already authorised the request before), it logs the user in directly but also creates a new access token (leaving n+ tokens available instead of invalidating the previous tokens).
This means that my users will see duplicates in their 'authorised applications' screen, which doesn't look right.
Is this normal? Should I be doing something more when logging out instead of just deleting the token locally?
via Chebli Mohamed