
Lumen Logout

Open feeh27 opened this issue 6 years ago • 25 comments

Logout in Lumen

I want to invalidate my token, I created a function to logout, but it isn't working.

Your environment

| Q | A |
| --- | --- |
| Bug? | yes |
| New Feature? | no |
| Framework | Lumen |
| Framework version | 5.7.5 |
| Package version | 1.0.0-rc.3 |
| PHP version | 7.2.10 |

Steps to reproduce

Access the auth/logout url by passing the token to be invalidated by the URL or header (Authorization: Bearer).

My code snippets:

First attempt

Auth::logout();

Second attempt

$this->jwt->invalidate(); //$this->jwt is a JWTAuth instance

Third attempt

$this->jwt->invalidate($this->jwt->getToken()); //$this->jwt is a JWTAuth instance

Expected behaviour

An invalid token exception in the next request

Actual behaviour

Nothing changes

feeh27 avatar Nov 12 '18 20:11 feeh27

try the following. It works in my application

$this->jwt->parseToken()->invalidate();

padmaruban avatar Nov 13 '18 06:11 padmaruban

> try the following. It works in my application
>
> $this->jwt->parseToken()->invalidate();

Thanks @padmaruban for your help, I tested your code but it didn't work for me.

How did you instantiate your JWTAuth class?

feeh27 avatar Nov 13 '18 10:11 feeh27

I made a new attempt; see the code snippet below:

$token = $this->jwt->parseToken();
$token->invalidate();

And that didn't work for me either.

feeh27 avatar Nov 13 '18 11:11 feeh27

> try the following. It works in my application $this->jwt->parseToken()->invalidate();
>
> Thanks @padmaruban for your help, I tested your code but it didn't work for me.
>
> How did you instantiate your JWTAuth class?

Below is my code, in the postLogout function:

<?php

namespace App\Http\Controllers;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Tymon\JWTAuth\JWTAuth;

class ExampleController extends Controller
{
    /**
     * @var \Tymon\JWTAuth\JWTAuth
     */
    protected $jwt;

    public function __construct(JWTAuth $jwt)
    {
        $this->jwt = $jwt;
    }

    // function to logout & invalidate token
    public function postLogout(Request $request)
    {
        $this->jwt->parseToken()->invalidate();
		
        return ['message'=>'token removed'] ;
    }

}

padmaruban avatar Nov 13 '18 12:11 padmaruban

@padmaruban below is my controller code:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Laravel\Lumen\Routing\Controller as BaseController;
use Tymon\JWTAuth\JWTAuth;

/**
 * Class JWTAuthController: JWT authentication controller class
 * @package     App\Http\Controllers
 * @category    API
 * @author      Felipe Dominguesche <[email protected]>
 * @access      public
 */
class JWTAuthController extends BaseController
{
    /**
     * @var Tymon\JWTAuth\JWTAuth
     */
    protected $jwt;

    /**
     * JWTAuthController constructor.
     * @param JWTAuth $jwt
     */
    public function __construct(JWTAuth $jwt)
    {
        $this->jwt = $jwt;
    }

    /**
     * Handles login via JWT
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     * @throws \Illuminate\Validation\ValidationException
     */
    public function loginPost(Request $request)
    {
        $this->validate($request, [
            'email'    => 'required|email|max:255',
            'password' => 'required',
        ]);

        if (! $token = $this->jwt->attempt($request->only('email', 'password'))) {
            return response()->json(['user_not_found'], 404);
        }

        return response()->json(compact('token'));
    }

    /**
     * Logout JWT
     * @param Request $request
     * @return array
     * @throws \Tymon\JWTAuth\Exceptions\JWTException
     */
    public function logout(Request $request)
    {
        $this->jwt->parseToken()->invalidate();

        return ['message'=>'token removed'] ;
    }
}

I made the changes and it still didn't work.

The current version of my packages is: Lumen: 5.7.5 JWTAuth: 1.0.0-rc.3

Which version of Lumen are you using and which version of JWTAuth?

feeh27 avatar Nov 13 '18 12:11 feeh27

@tymondesigns can you help me?

feeh27 avatar Nov 16 '18 10:11 feeh27

> @tymondesigns can you help me?

@tymondesigns ?

feeh27 avatar Nov 26 '18 11:11 feeh27

@feeh27 did you fix this issue?

Zubair-Iftikhar avatar Jan 01 '19 07:01 Zubair-Iftikhar

@zu007 No, can you help me?

feeh27 avatar Jan 01 '19 07:01 feeh27

$this->jwt->parseToken()->invalidate(); works for me

Zubair-Iftikhar avatar Jan 01 '19 07:01 Zubair-Iftikhar

public function logout(Request $request)
{
    $token = $request->header('Authorization');
    $this->jwt->parseToken()->invalidate();

    return response()->json(['message' => 'Successfully logged out']);
}

Zubair-Iftikhar avatar Jan 01 '19 07:01 Zubair-Iftikhar

Lumen : 5.7.7 jwt-auth: 1.0@dev

Zubair-Iftikhar avatar Jan 01 '19 07:01 Zubair-Iftikhar

I will use this code and put the result here

feeh27 avatar Jan 01 '19 07:01 feeh27

Auth::logout(); Working
$this->jwt->invalidate($this->jwt->getToken()); Working
$this->jwt->parseToken()->invalidate(); Working

I tested these 3 statements one by one. They destroy the token. Logout performed successfully.

Zubair-Iftikhar avatar Jan 01 '19 08:01 Zubair-Iftikhar

Thanks @feeh27

orhanbhr avatar Jan 15 '19 18:01 orhanbhr

> Auth::logout(); Working
> $this->jwt->invalidate($this->jwt->getToken()); Working
> $this->jwt->parseToken()->invalidate(); Working
>
> I tested these 3 statements one by one. They destroy the token. Logout performed successfully.

Hello,

Sorry for the delay in posting, I was on vacation and returned last week.

My logout still doesn't work, I upgraded my Lumen to version 5.7.7 and jwt-auth to version 1.0.x-dev.

Below is the function I'm currently using:

public function logout(Request $request)
{
    $token =  str_replace('Bearer ','',$request->header('Authorization'));
    $this->jwt->setToken($token)->invalidate();
    $this->jwt->setToken($token)->invalidate(true);
    Auth::logout();
    $this->jwt->invalidate($this->jwt->getToken());
    $this->jwt->parseToken()->invalidate();

    return ['message'=>'Token removed'] ;
}

The success message appears, but the token remains authenticated.

feeh27 avatar Jan 21 '19 13:01 feeh27

The complete file can be found at this link in my "Intranet" repository (http://github.com.br/feeh27/intranet). File link: https://github.com/feeh27/intranet/blob/master/html/api/app/Http/Controllers/JWTAuthController.php

@zu007 Do you have any idea what that might be?

feeh27 avatar Jan 21 '19 13:01 feeh27

@feeh27 i made a repo, a short guide to use tymon jwt auth, jwt auth guide

samuelkristianto1 avatar May 07 '19 02:05 samuelkristianto1

> @feeh27 i made a repo, a short guide to use tymon jwt auth, jwt auth guide

Thanks @samuelkristianto, I'll follow the guide in your repository and see if I can perform the steps

feeh27 avatar May 08 '19 15:05 feeh27

@feeh27 is it fixed? The token can be invalidated after CACHE_DRIVER is set to file. Go to .env and set CACHE_DRIVER=file

Zubair-Iftikhar avatar Jun 14 '19 07:06 Zubair-Iftikhar

$token = $request->header( 'Authorization' );
$this->auth->parseToken()->invalidate( $token );

This worked for me

usamamuneerchaudhary avatar Jun 26 '19 21:06 usamamuneerchaudhary

The file vendor/tymon/jwt-auth/config/config.php contains the default:

'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0),

where '0' is the number of seconds for the BLACKLIST GRACE PERIOD. If you set 'blacklist_grace_period' > 0 (for example 30 seconds, as mentioned here https://github.com/tymondesigns/jwt-auth/issues/1355 ) you have to know that when you logout and run:

$this->jwt->parseToken()->invalidate();

or just

$this->jwt->invalidate();

or

Auth::logout();

or anything else ... the system keeps you registered for 'blacklist_grace_period' seconds and you can make some authorized requests after logout. It is unexpected behaviour for the user. If 'blacklist_grace_period' = 0 (default) then logout will be immediate.

kaibox-git avatar Aug 12 '20 14:08 kaibox-git

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale[bot] avatar Dec 25 '20 16:12 stale[bot]

Could it happen if the storage folder doesn't have valid permissions? Because I tried the above solution and it is not working for me and I'm getting 500 errors. However, on local, it's working fine. All other APIs are working fine though.

(Edit: Issue has been solved. I changed my storage folder group to www-data and it works fine now.)

vishaltarkar avatar May 04 '21 12:05 vishaltarkar

> @feeh27 is it fixed? The token can be invalidated after CACHE_DRIVER is set to file. Go to .env and set CACHE_DRIVER=file

This worked for me. The CACHE_DRIVER config in my .env was 'array'. After I changed it to 'file' and forced a logout, the token is expiring after reaching the set time. Thanks.

MatheusNP avatar Aug 08 '21 19:08 MatheusNP
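
Added example (not part of the thread and not jwt-auth's own code): a simplified model of the two settings discussed above, CACHE_DRIVER and blacklist_grace_period, showing that a logout is forgotten when the blacklist store does not outlive the request and is deferred while a grace period runs. The class names, the `jti-demo` id and the timestamps are constructed; the model assumes the array driver keeps entries only in the memory of the current request.

```php
<?php
// Simplified blacklist model, constructed for illustration (not tymon/jwt-auth code).
// Models CACHE_DRIVER=array: entries live only in this object's memory.
final class ArrayStore {
    private $items = [];
    public function get(string $jti): ?int { return $this->items[$jti] ?? null; }
    public function put(string $jti, int $validUntil): void { $this->items[$jti] = $validUntil; }
}

// Models CACHE_DRIVER=file: entries are written to disk and survive the request.
final class FileStore {
    private $path;
    public function __construct(string $path) { $this->path = $path; }
    private function load(): array {
        return is_file($this->path) ? (json_decode(file_get_contents($this->path), true) ?: []) : [];
    }
    public function get(string $jti): ?int { return $this->load()[$jti] ?? null; }
    public function put(string $jti, int $validUntil): void {
        $items = $this->load();
        $items[$jti] = $validUntil;
        file_put_contents($this->path, json_encode($items), LOCK_EX);
    }
}

final class Blacklist {
    private $store, $grace;
    public function __construct($store, int $grace) { $this->store = $store; $this->grace = $grace; }
    // Logout: record the moment from which the token must be refused.
    public function invalidate(string $jti, int $now): void { $this->store->put($jti, $now + $this->grace); }
    public function isRejected(string $jti, int $now): bool {
        $until = $this->store->get($jti);
        return $until !== null && $until <= $now;
    }
}

// Logout in request 1, check in request 2; each request builds its own store object.
function rejectedOnNextRequest(callable $makeStore, int $grace, int $delay): bool {
    $now = 1000; // constructed timestamp
    (new Blacklist($makeStore(), $grace))->invalidate('jti-demo', $now);
    return (new Blacklist($makeStore(), $grace))->isRejected('jti-demo', $now + $delay);
}

$file = sys_get_temp_dir() . '/jwt-blacklist-demo.json'; // hypothetical scratch file
@unlink($file);
$array = function () { return new ArrayStore(); };
$disk = function () use ($file) { return new FileStore($file); };
var_dump(rejectedOnNextRequest($array, 0, 1));  // array store, no grace period
var_dump(rejectedOnNextRequest($disk, 0, 1));   // file store, no grace period
var_dump(rejectedOnNextRequest($disk, 30, 5));  // file store, 5 s into a 30 s grace period
var_dump(rejectedOnNextRequest($disk, 30, 31)); // file store, grace period elapsed
```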