search

ArielMejiaDev / json-api-auth

Laravel package to add authentication scaffold for Json APIs.
https://json-api-auth.netlify.app/
MIT License
27 stars 12 forks source link

Logout should be POST #6

Open gogl92 opened 1 year ago

gogl92 commented 1 year ago

I'm not sure about this but would the logout request should be a POST request?

Route::get('/logout', LogoutController::class)
    ->middleware('auth:sanctum')
    ->name('json-api-auth.logout');

To

Route::post('/logout', LogoutController::class)
    ->middleware('auth:sanctum')
    ->name('json-api-auth.logout');
ArielMejiaDev commented 1 year ago

Hi, @gogl92 it could be I just take in mind that there is no body required for the request and I took as an example the behavior of the framework when you make a GET request to /logout, if there are examples that make sense or a standard for this please add the links here to consider a change.

Thanks for using the package.

gogl92 commented 1 year ago

Hi @ArielMejiaDev, it does make sense as there's no body but I see some people using POST or even DELETE as it theoretically you're deleting the tokens when you're logging out.

I connected my Laravel app to a react SPA using this package https://github.com/koole/react-sanctum, by default the signOut method does POST https://github.com/koole/react-sanctum/blob/master/src/Sanctum.tsx#L119 it's also not a big deal I can always change the method after the routes are generated, maybe if in the future more people request it.

ArielMejiaDev commented 1 year ago

I would search about it, if there are any standard for these... Incase you found something please feel free to make a PR