Laravel Passport token lifetime

2017-03-05 php laravel oauth-2.0 laravel-5.4 laravel-passport

I don't get what I'm doing wrong. I can't set token expiration time.

<?php

namespace App\Providers;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        Passport::tokensExpireIn(Carbon::now()->addDays(1));
        Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
    }
}

BUT when I call $user->createToken(), for example like this:

<?php
// as a demo
namespace App\Http\Middleware;

class ParseSpecialToken
{
    public function handle($request, Closure $next)
    {
        $user = User::find(1);
        $accessToken = $user->createToken('Some token')->accessToken;
        $request->headers->add(['Authorization' => 'Bearer '. $accessToken]);

        return $next($request);
    }
}

Token expiration is still 1 year, not 1 day. Why? How to change exp time?

Answers

Ah, figured out the personal tokens are always long-lived and this cannot be configured :(

you can do this:

$tokenResult = $user->createToken('Personal Access Token');
$token = $tokenResult->token;
$token->expires_at =
        Carbon::now()->addDays(env('PERSONAL_ACCESS_TOKEN_EXPIRY__DAYS'));

$token->save();

if you do

$token->expires_at =
        Carbon::now()->addDays(env('PERSONAL_ACCESS_TOKEN_EXPIRY__DAYS'));

then the expiration date is not checked at any request, so I think it's not a valid option for personal tokens.

The Passport docs seem to answer this question

https://laravel.com/docs/5.6/passport#token-lifetimes

In the boot method of AuthServiceProvider call Passport::tokenExpiresIn()

public function boot()
{
    $this->registerPolicies();

    Passport::routes();

    Passport::tokensExpireIn(now()->addDays(15));

    Passport::refreshTokensExpireIn(now()->addDays(30));
}

Here are the methods used to update expiration time for all the grant types :

Personal access token:

public function boot(){
        $this->registerPolicies();

        Passport::routes();
        Passport::personalAccessTokensExpireIn(Carbon::now()->addHours(24));
        Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
}

Rest all

public function boot(){
        $this->registerPolicies();

        Passport::routes();
        Passport::tokensExpireIn(Carbon::now()->addHours(24));
        Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
}

Just update the above code in the boot method of AuthServiceProvider.

Please see this implementation, and here how to replace PassportServiceProvider by your's. It worked for me with Laravel 5.5

The createToken() method creates a Personal Access Token. By default, these tokens expire after 1 year (or 100 years, if created by laravel/passport <= 1.0.11). The expiration time for this type of token is not modified by the Passport::tokensExpireIn() or Passport::refreshTokensExpireIn() methods.

laravel/passport >= 7.0.4

Passport version 7.0.4 added a new method Passport::personalAccessTokensExpireIn() that allows you to update the expiration time for personal access tokens. If you are on this version or later, you can add this method call to your AuthServiceProvider::boot() method.

Passport::personalAccessTokensExpireIn(Carbon::now()->addDays(1));

laravel/passport < 7.0.4

If you are not yet on passport version 7.0.4, you can still modify the personal access token expiration time, but it is more manual. You will need to enable a new instance of the personal access grant with your desired expiration time. This can also be done in your AuthServiceProvider::boot() method.

$server = $this->app->make(\League\OAuth2\Server\AuthorizationServer::class);
$server->enableGrantType(new \Laravel\Passport\Bridge\PersonalAccessGrant(), new \DateInterval('P100Y'));

Note

Modifying the expires_at field in the database will not do anything. The real expiration date is stored inside the token itself. Also, attempting to modify the exp claim inside the JWT token will not work, since the token is signed and any modification to it will invalidate it. So, all your existing tokens will have their original expiration times, and there is no way to change that. If needed, you will need to regenerate new tokens.

File: AuthServiceProvider.php

Add these lines

use Laravel\Passport\Bridge\PersonalAccessGrant;
use League\OAuth2\Server\AuthorizationServer;

Add the following code in boot function

public function boot() {
     Passport::routes();
     $lifetime = new \DateInterval('PT24H'); // For 24hours

     $this->app->get(AuthorizationServer::class)->enableGrantType(new PersonalAccessGrant(), $lifetime);
}

Yes, I just wasted one day to find this problem in VERSION = '5.8'.

For now, maybe we need modify your-project/vendor/laravel/passport/src/Passport.php.

Change this -----> new DateInterval('P1Y') . it is php function Represents a date interval.

D---> means Day Y---> means year M---> means Month

three types of token in passport

1.tokensExpireIn in 303 line.

  1. personalAccessTokensExpireIn in 341 line .

  2. refreshTokensExpireIn in 322 line.

I was able to extend the lifetime of the Personal access token by creating a PassportServiceProvider in my project that extends the PassportServiceProvider from the laravel-passport package. Then I just added this method to override the one from the PassportServiceProvider.



    /**
     * Register the authorization server.
     *
     * @return void
     */
    protected function registerAuthorizationServer()
    {
        $this->app->singleton(AuthorizationServer::class, function () {
            return tap($this->makeAuthorizationServer(), function ($server) {
                $server->enableGrantType(
                    $this->makeAuthCodeGrant(), Passport::tokensExpireIn()
                );

                $server->enableGrantType(
                    $this->makeRefreshTokenGrant(), Passport::tokensExpireIn()
                );

                $server->enableGrantType(
                    $this->makePasswordGrant(), Passport::tokensExpireIn()
                );

                $server->enableGrantType(
                    new PersonalAccessGrant(), Passport::tokensExpireIn() // this is the line that was updated from the original method
                );

                $server->enableGrantType(
                    new ClientCredentialsGrant(), Passport::tokensExpireIn()
                );

                if (Passport::$implicitGrantEnabled) {
                    $server->enableGrantType(
                        $this->makeImplicitGrant(), Passport::tokensExpireIn()
                    );
                }
            });
        });
    }

Then I just updated the provider in the app.php config file to use the one from my project.

Related