Closed Syafiqq closed 5 years ago
@Syafiqq I think it's a known "feature" of Laravel Passport. If the same user/subject had access tokens before, the new access token will have the same scopes. Therefore, when changing privileges/scopes for a user, you have to purge old tokens from the database.
Oh, I never thought of that. Thank you for the explanation. 👍
Just curious, how to do that?
Oh, I just figured out that a Lumen test needs to call $this->refreshApplication(); in order to differentiate between requests. If I don't call that function, the incoming request always holds the previous request's parameters.
When I try to refresh a token with a reduced scope, the generated token still has the same scope as the old one.
Steps to reproduce
Clone it, configure .env, run cmds/recreate-db.sh, and run the test.