4

Context and Need

In my API routes file, I've written the following code, following the documentation (https://laravel.com/docs/8.x/sanctum#introduction):

Route::post('/tokens/create', function (Request $request) {
    $token = $request->user()->createToken($request->token_name);
    return ['token' => $token->plainTextToken];
});

I would like to set an expiration delay that would be used to compare the creation date of the token with the date of the current check of the token expiration: the token would have a creation date of x, the current date would be y, and the delay would be d, so the token would expire if y > x + d.

What I've done

So I've read some code in the directory vendor/laravel/sanctum, and I've found the class Guard.php.

The class Guard.php contains an object attribute named $expiration, a constructor that sets it (among other things), and the __invoke method that contains the following expiration check:

if (! $accessToken ||
    ($this->expiration &&
     $accessToken->created_at->lte(now()->subMinutes($this->expiration))) ||
    ! $this->hasValidProvider($accessToken->tokenable)) {
    return;
}

As you can see, it does exactly what I want. However, I can't figure out how to set my own value for the attribute $expiration.

In this same file, there are some allusions to an existing configuration file, like this one: config('sanctum.guard', 'web'). Also, the class SanctumServiceProvider instantiates Guard and passes to its constructor the following value: config('sanctum.expiration'). But I don't know how/where to define this config value. Perhaps https://laravel.com/docs/8.x/configuration config(['sanctum.expiration' => '1277126']);? Could you confirm it please? (but where to put this line?)

Question

My question is: in Laravel 8 Sanctum, how could I set my own value for the variable $expiration used for Sanctum tokens check? Should I edit a configuration file and if yes, how? Should I type a configuration command in a terminal?

JarsOfJam-Scheduler

2 Answers

4

You can publish the Laravel configuration:

php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"

See https://laravel.com/docs/8.x/sanctum#installation

After this you are able to change all configuration options in config/sanctum.php. The configuration files in config will overwrite the vendor default configuration.

Sagar Naliyapara
Nortol
0

The documentation https://laravel.com/docs/8.x/sanctum#spa-configuration says that, for SPA, we can set a value for the configuration option SANCTUM_STATEFUL_DOMAINS in the file vendor/laravel/sanctum/config/sanctum.php. So it should be the same for expiration. This file, indeed, contains the following text:

/*
|--------------------------------------------------------------------------
| Expiration Minutes
|--------------------------------------------------------------------------
|
| This value controls the number of minutes until an issued token will be
| considered expired. If this value is null, personal access tokens do
| not expire. This won't tweak the lifetime of first-party sessions.
|
*/

'expiration' => null,

So I think I should modify it to set the number of minutes of tokens expiration.

The sole problem is: as this file is contained in the vendor directory, if I download an update of Sanctum, would it erase this modification (i.e.: the number of minutes of expiration I've written)? If yes, then I should look for a similar solution that would be permanent (overriding this configuration file? modifying the .env file?). If no, then there isn't any problem, it would be perfect.

Maybe https://laravel.com/docs/8.x/configuration#accessing-configuration-values would be interesting to know which decision to take. However, if anyone could advise me in a comment it would be kind.


Final Solution

Important Edit: instead of vendor/laravel/sanctum/config/sanctum.php, there is also the following config file: <my_site>/laravel/sanctum/config/sanctum.php so the latter should be editable without any problem. I think this is the best solution.

JarsOfJam-Scheduler
  • You should never edit something under `vendor`. Just publish the configuration file and change it in `config/sanctum.php`. See php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider" – Nortol Aug 15 '21 at 05:44
  • 1
    I downvoted your answer because it's wrong and a risk to leave it as solution. In your update (final solution) you have a path that does not exist. It should be `config/sanctum.php` and not `/laravel/sanctum/config/sanctum.php`. Editing files in `vendor` is something you should never even consider doing! `vendor` files are installed and managed by composer. Every update will overwrite your changes. So I downvoted it and think you should remove the solution from your answer. Btw. `vendor` files should be ignored by your scm. – Nortol Aug 18 '21 at 08:33
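
The expiration check quoted in the question, restated in plain PHP as an added example (not part of the original posts and not Sanctum's own code), so that the effect of the `expiration` value in the published config/sanctum.php can be seen on boundary cases. The function name tokenIsExpired and the sample timestamps are constructed for illustration.

```php
<?php
// Added example: plain-PHP restatement of the check quoted from Guard::__invoke.
//
// In the application, the value lives in the published config/sanctum.php:
//     'expiration' => 60 * 24,   // minutes; null means tokens never expire

/**
 * Mirrors: $expiration && $created_at->lte(now()->subMinutes($expiration))
 */
function tokenIsExpired(
    DateTimeImmutable $createdAt,
    ?int $expirationMinutes,
    DateTimeImmutable $now
): bool {
    // null disables expiry; so does 0, because the guard tests truthiness.
    if (! $expirationMinutes) {
        return false;
    }

    $cutoff = $now->modify("-{$expirationMinutes} minutes");

    // lte: a token created exactly at the cutoff already counts as expired,
    // i.e. the condition is y >= x + d rather than y > x + d.
    return $createdAt <= $cutoff;
}

// Constructed sample data: one fixed "now" and a few token creation times.
$utc = new DateTimeZone('UTC');
$now = new DateTimeImmutable('2021-08-15 12:00:00', $utc);

$cases = [
    ['one second inside the window', '2021-08-15 11:00:01', 60],
    ['exactly at the cutoff',        '2021-08-15 11:00:00', 60],
    ['well past the window',         '2021-08-15 09:30:00', 60],
    ['old token, expiration null',   '2020-01-01 00:00:00', null],
    ['old token, expiration 0',      '2020-01-01 00:00:00', 0],
];

foreach ($cases as [$label, $created, $minutes]) {
    $createdAt = new DateTimeImmutable($created, $utc);
    $state = tokenIsExpired($createdAt, $minutes, $now) ? 'expired' : 'valid';
    printf("%-30s %s\n", $label, $state);
}
```

If the application caches its configuration, rebuild the cache with php artisan config:cache after changing the value in config/sanctum.php.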