set allowMultipleTokens(); per user
Closed this issue · 1 comments
( @dusterio )
Is it possible to make $allowMultipleTokens; functional per user instead of the whole application at once?
\Dusterio\LumenPassport\LumenPassport::allowMultipleTokens();
At first I thought it was maybe possible to check a custom boolean before using a password-grant and then call the method (or not), like so:
if( $User->allow_multiple_sessions ){
\Dusterio\LumenPassport\LumenPassport::allowMultipleTokens();
}
But what to do with the refresh token routes?
I hope anyone here has experience with this 'problem' or already built a solution for this?
-OR-
Is this not recommended at all? Are there security-implications if I want to implement something like this?
After giving it a bit more thought:
my first conclusion is these functionalities should be built within Laravel/Lumen Passport package, am I right?
And secondly, maybe it is better to find a way to add/read custom data to the access/refresh tokens? Then I would be able to read a DB-value per user, and via this field I would run (something like)
if( $User->allow_multiple_sessions ){
\Dusterio\LumenPassport\LumenPassport::allowMultipleTokens();
}
Hopefully somebody has a better understanding to make this possible. OR I would like to know that I am thinking wrong :-)