tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.29k stars, 1.54k forks

how to deal with trashed / soft deleted users ? #1614

Open vesper8 opened 6 years ago

vesper8 commented 6 years ago

In my app, users can disable their account, which I do by soft deleting their model; this is a convenient way to make sure they disappear for the rest of the users (it's a dating app).

Later, users can restore their account. Prior to my migration to JWT I was doing this easily by allowing users to log in to their account even if it had been soft deleted, and then jailing them to a page where the only action they can take is to restore their account.

I am trying to achieve the same with JWT, and it seems there is a lack of flexibility for allowing this.

I'm doing a social login via Facebook and I've modified the Facebook OAuth2 method so that it does allow a token to be generated for soft-deleted users. But then when it does the fetchUser and hits my API, which is behind the jwt.auth middleware, I always get a 'user not found'.

I can see why this is happening inside the JwtAuth.php middleware, but I don't see a way of allowing withTrashed() or otherwise allowing soft-deleted users without basically forking the middleware and replacing it with a custom one. I can certainly do that, but.. it would seem useful if this was supported by the package.

Anyone know an easier workaround?

vesper8 commented 6 years ago

It also seems odd that this is even happening.. considering that I have used the method below to generate a valid token for my soft-deleted user:

    // $user is the (soft-deleted) Eloquent model; the token is handed back
    // to the client in the Authorization header rather than the body
    return response([
        'status' => 'success'
    ])
    ->header('Authorization', JWTAuth::fromUser($user));

To then have this valid token fail the jwt.auth because the model is soft deleted seems.. odd to me? The token is valid.. why should it be denied?

The method that is failing is this one:

Providers/Auth/Illuminate.php

    // $this->auth is the Illuminate Guard the package was configured with;
    // onceUsingId() resolves the id through that guard's user provider
    public function byId($id)
    {
        return $this->auth->onceUsingId($id);
    }
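One way to get this behaviour without forking the package's middleware, as an added example (this is not from the thread, the jwt-auth package or Laravel's docs): the `'user not found'` is raised because `onceUsingId($id)` hands the subject claim to the configured user provider's `retrieveById()`, and Laravel's `EloquentUserProvider` builds that lookup on a query that still carries the `SoftDeletes` global scope, so a trashed row is filtered out before jwt-auth ever sees it. Overriding `retrieveById()` in a custom user provider to add `withTrashed()` lets the token resolve, and a small middleware then jails trashed accounts to the restore endpoint. Assumptions: the user model uses `Illuminate\Database\Eloquent\SoftDeletes`, the JWT guard's `onceUsingId()` delegates to the user provider's `retrieveById()` as described above, and the names `App\Auth\EloquentWithTrashedUserProvider`, the driver name `eloquent-with-trashed`, `EnsureNotTrashed` and the route path `api/account/restore` are chosen for this example.

```php
<?php
// ---- app/Auth/EloquentWithTrashedUserProvider.php ----
// Added example, not package code. Assumes App\User uses SoftDeletes.
namespace App\Auth;

use Illuminate\Auth\EloquentUserProvider;

class EloquentWithTrashedUserProvider extends EloquentUserProvider
{
    /**
     * Same lookup as the parent, but including soft-deleted rows, so a
     * token minted with JWTAuth::fromUser($trashedUser) still resolves.
     */
    public function retrieveById($identifier)
    {
        $model = $this->createModel();

        return $model->newQuery()
            ->withTrashed()
            ->where($model->getAuthIdentifierName(), $identifier)
            ->first();
    }
}

// ---- app/Providers/AuthServiceProvider.php (boot method) ----
// Registers the driver name used in config/auth.php below.
namespace App\Providers;

use App\Auth\EloquentWithTrashedUserProvider;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Auth;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        Auth::provider('eloquent-with-trashed', function ($app, array $config) {
            // Same constructor arguments the stock 'eloquent' driver receives.
            return new EloquentWithTrashedUserProvider($app['hash'], $config['model']);
        });
    }
}

// ---- config/auth.php (fragment) ----
// 'providers' => [
//     'users' => [
//         'driver' => 'eloquent-with-trashed', // was 'eloquent'
//         'model'  => App\User::class,
//     ],
// ],

// ---- app/Http/Middleware/EnsureNotTrashed.php ----
// Runs after jwt.auth: the token is valid and the user is resolved, but a
// trashed account may only reach the restore endpoint (path is assumed).
namespace App\Http\Middleware;

use Closure;

class EnsureNotTrashed
{
    public function handle($request, Closure $next)
    {
        $user = $request->user();

        if ($user !== null && $user->trashed() && ! $request->is('api/account/restore')) {
            return response()->json(['error' => 'account disabled'], 403);
        }

        return $next($request);
    }
}
```

Two caveats worth checking before shipping this. First, the provider change is not scoped to JWT: every guard that uses the `users` provider (the session guard included) will now find soft-deleted accounts, so either register the provider under a second name in `config/auth.php` and point only the `api` guard at it, or make sure every authenticated route group also carries `EnsureNotTrashed`. Second, the jail is only as good as its coverage: a valid token for a disabled account is now accepted by `jwt.auth` everywhere, so the 403 check must sit in the same middleware group as `jwt.auth` rather than on individual routes, and any route that lists or searches users must still filter out trashed rows itself.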