albetnov / sanctum-refresh
This package extends Sanctum so that it can also provide refresh tokens
2.0.1
2025-03-26 03:24 UTC
Requires
- php: ^8.2
- illuminate/contracts: ^11.0|^12.0
- laravel/sanctum: ^4.0
- nesbot/carbon: ^3.8
- spatie/laravel-package-tools: ^1.18.0
Requires (Dev)
- larastan/larastan: ^3.0
- laravel/pint: ^1.0
- nunomaduro/collision: ^8.5
- orchestra/testbench: ^9.0|^10.0
- pestphp/pest: ^3.7
- pestphp/pest-plugin-laravel: ^3.0
- phpstan/extension-installer: ^1.4
- phpstan/phpstan-deprecation-rules: ^2.0
- phpstan/phpstan-phpunit: ^2.0
- phpunit/phpunit: ^11.5
- spatie/pest-plugin-test-time: ^2.2
This package is auto-updated.
Last update: 2025-03-26 03:25:36 UTC
README
A minimal and flexible package that extends Sanctum with refresh tokens.
Installation
You can install the package via composer:
composer require albetnov/sanctum-refresh
Then you'll need to publish and run the migrations with:
php artisan vendor:publish --tag="sanctum-refresh-migrations"
php artisan migrate
You can also publish the config file with:
php artisan vendor:publish --tag="sanctum-refresh-config"
This is the contents of the published config file:
    return [
        /**
         * Set the fallback expiration time of both tokens
         * Time in minutes.
         */
        'expiration' => [
            // set the fallback of access token expiration
            'access_token' => 2, // 2 minutes
            // set the fallback of refresh token expiration
            'refresh_token' => 30, // 30 minutes
        ],
    ];
Quick Start
Creating token
    <?php

    namespace App\Http\Controllers;

    use Albet\SanctumRefresh\Services\TokenIssuer;
    use Illuminate\Http\Request;

    class TokenController
    {
        // The request is injected so the authenticated user can be read from it.
        public function newToken(Request $request)
        {
            $token = TokenIssuer::issue($request->user(), guard: 'api');

            return response()->json([
                'message' => 'Token generated successfully!',
                'data' => $token->toArray(),
            ]);
        }
    }
Response schema:
    {
        "message": "Token generated successfully!",
        "data": {
            "access_token": "[string]",
            "access_token_expires_at": "[Y-m-d H:i:s]",
            "refresh_token": "[string]",
            "refresh_token_expires_at": "[Y-m-d H:i:s]"
        }
    }
Refresh Token Middleware (optional; use it if you want to customize the error returned for expired tokens, invalid format, etc.)
Create the Middleware
    <?php

    // (...)

    use Albet\SanctumRefresh\Exceptions\SanctumRefreshException;
    use Albet\SanctumRefresh\Helpers;
    use Illuminate\Http\Request;
    use Symfony\Component\HttpFoundation\Response;

    class TokenMiddleware
    {
        public function handle(Request $request, \Closure $next): Response
        {
            try {
                Helpers::getRefreshToken(
                    // adjust to your liking, either from Query Parameter, Body, or Header.
                    $request->get('refresh_token', '')
                );

                return $next($request);
            } catch (SanctumRefreshException $e) {
                // handle tags of SanctumRefreshException
                return response()->json([
                    'error' => 'Refresh token invalid',
                ], 400);
            }
        }
    }
Applying your middleware to your routes
    <?php

    // imports...

    Route::post('refresh-token', [TokenController::class, 'refreshToken'])
        ->middleware(TokenMiddleware::class);
Handling the refresh token creation
    <?php

    use Albet\SanctumRefresh\Services\TokenIssuer;
    use Illuminate\Http\Request;

    class TokenController
    {
        public function refreshToken(Request $request)
        {
            // Read the same field name that the middleware validates.
            $newToken = TokenIssuer::refreshToken($request->get('refresh_token', ''));

            if (! $newToken) {
                return response()->json([
                    'error' => 'Refresh token not valid',
                ], 400);
            }

            return response()->json([
                'message' => 'New token created',
                'data' => $newToken->toArray(),
            ]);
        }
    }
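How a client might consume the response schema and the refresh route shown above, as an added example that is not part of the package or its README. It assumes the `Y-m-d H:i:s` timestamps are UTC, that the server reads `refresh_token` from a JSON body, and that the route lives at `/refresh-token`; `parseExpiry`, `nextAction` and `createRefresher` are hypothetical names.

```javascript
// Constructed client-side example; the expiry timestamps are assumed to be UTC.
function parseExpiry(ts) {
  const m = /^(\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2})$/.exec(ts);
  if (!m) throw new Error(`unexpected timestamp format: ${ts}`);
  const [y, mo, d, h, mi, s] = m.slice(1).map(Number);
  return Date.UTC(y, mo - 1, d, h, mi, s);
}

// Decide what to do with a stored token pair at time `now` (ms since epoch).
// skewMs triggers the refresh slightly early so that a request is not sent
// with an access token that expires while it is in flight.
function nextAction(tokens, now, skewMs = 10000) {
  const accessExp = parseExpiry(tokens.access_token_expires_at);
  const refreshExp = parseExpiry(tokens.refresh_token_expires_at);
  if (now + skewMs < accessExp) return 'use_access_token';
  if (now < refreshExp) return 'refresh';
  return 'reauthenticate'; // both tokens expired: a full login is required
}

// Single-flight refresh: concurrent callers share one request, so the same
// refresh token is not submitted several times in parallel.
function createRefresher(fetchImpl, url) {
  let inFlight = null;
  return function refresh(tokens) {
    if (!inFlight) {
      inFlight = fetchImpl(url, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
        // Sent in the body: query strings tend to end up in access logs.
        body: JSON.stringify({ refresh_token: tokens.refresh_token }),
      })
        .then(async (res) => {
          if (!res.ok) throw new Error(`refresh rejected: HTTP ${res.status}`);
          return (await res.json()).data; // new token pair, same schema
        })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}
```

With the fallback expirations from the config file (2 and 30 minutes), `nextAction` returns `refresh` for most of the session, so the single-flight guard matters whenever several requests start at once.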
Pruning Token
Register prune:token in your commands Kernel.php; you can then run it as a cron job:
Schedule::command('prune:token')->daily();
Testing
Run the tests:
composer test
Figure out the code coverage:
composer test-coverage
Changelog
Please see Changelog for more information.
Contributing
You are free to contribute to this project.
Credits
License
The MIT License (MIT). Please see License File for more information.