There is a reference to the user, namely `tokenable_type` and `tokenable_id`. Which in this case references `App\Models\User` and the user ID in the `tokenable_id`.
Somewhere in your application, you are creating these tokens for that specific user. You have the choice here to issue new tokens for every login session, but you could also demand the user to use an old token. That is up to you and the use case of the application.
However, if you are creating new tokens for every login session, consider revoking old tokens (since they will probably not be used anymore). Check the Sanctum documentation.
Tokens are valid for as long as defined in `config/sanctum.php` in the `expiration` key. Standard, personal access tokens do not expire because the `expiration` key is set to `null`.
Answering your questions:
- Yes, you can simply get the number of tokens using `$user->tokens()->count();` and do whatever you want to do with it (removing old tokens, or returning an error).
- This answer depends on your use case. If `tokens` are valid forever, why would you create a new one on every login, instead of demanding the token that is still valid? Alternatively, you could create a form for the user to request a new token if they forgot their old one, removing the old token and issuing a new one. This way, all tokens in the DB are valid.
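
The following is an added example, not part of the original answer: a login endpoint that issues a new Sanctum token per session and revokes the oldest ones so a user never holds more than a fixed number. The controller name, the `MAX_TOKENS` cap and the `device_name` field are assumptions for illustration, and the `User` model is assumed to use Sanctum's `HasApiTokens` trait.

```php
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

// Hypothetical controller; wire it to a POST route of your choice.
class TokenLoginController extends Controller
{
    // Hypothetical per-user cap (an application choice, not a Sanctum setting).
    private const MAX_TOKENS = 3;

    public function store(Request $request): JsonResponse
    {
        $data = $request->validate([
            'email'       => ['required', 'email'],
            'password'    => ['required', 'string'],
            'device_name' => ['required', 'string', 'max:255'],
        ]);

        $user = User::where('email', $data['email'])->first();

        // Same response for unknown user and wrong password.
        if (! $user || ! Hash::check($data['password'], $user->password)) {
            return response()->json(['message' => 'Invalid credentials.'], 401);
        }

        // Leave room for the token about to be issued: delete the oldest
        // rows in personal_access_tokens until MAX_TOKENS - 1 remain.
        $excess = $user->tokens()->count() - (self::MAX_TOKENS - 1);
        if ($excess > 0) {
            $user->tokens()->oldest('id')->limit($excess)->get()->each->delete();
        }

        // The plain-text value is only available here; the table stores a hash.
        $token = $user->createToken($data['device_name']);

        return response()->json(['token' => $token->plainTextToken], 201);
    }
}
```

To reject the login instead of revoking, return an error when `$user->tokens()->count()` has reached the cap. Setting `expiration` in `config/sanctum.php` to a number of minutes, rather than `null`, makes old tokens stop being accepted even if they are never deleted.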