The Auth::guard()->logout() seems to do nothing! It doesn't invalidate the token, the token still can be used in further requests. Passing true to it doesn't make a difference. How does the blacklist work? Couldn't find any documentation about it.
Can you please help me on how can the user actually be logged out as soon as he still has the token? Doesn't it require a database table or session storage to create blacklist of tokens? Where do we define it?
The
Auth::guard()->logout()
seems to do nothing! It doesn't invalidate the token, the token still can be used in further requests. Passingtrue
to it doesn't make a difference. How does the blacklist work? Couldn't find any documentation about it.Can you please help me on how can the user actually be logged out as soon as he still has the token? Doesn't it require a database table or session storage to create blacklist of tokens? Where do we define it?