[V6] How to Logged Out or Remove Access Tokens from Database After Logout

[heirro]

Hi i just implemented the new V6 core.

However got the issues about Deleting tokens using auth-access-tokens-guard.

import type { HttpContext } from '@adonisjs/core/http'
import User from '#models/user'

export default class LogoutsController {
    public async logout({ auth, response }: HttpContext) {

        const getUser = auth.user?.id
        const user = await User.findOrFail(getUser)
        await User.accessTokens.delete(user, user.id)

        return response.ok({
            success: true,
            message: 'User logged out',
            data: getUser
        })
    }
}

When testing on the postman, tokens still available on the DB, and will re-use.

What i ask about it, how to correct implementation this section?
Maybe can this auth-access-tokens-guard is stateless without using JWT?

In case: I Use adonis.js as a backend, and remix as a frontend-ssr

[heirro]

I just hardcode tricky using import DB from '@adonisjs/lucid/services/db'

So here is my full code deleting all tokens on the Database related id from User

import type { HttpContext } from '@adonisjs/core/http'
import User from '#models/user'
import DB from '@adonisjs/lucid/services/db'

export default class LogoutsController {
    public async logout({ auth, response }: HttpContext) {

        const getUser = auth.user?.id
        const user = await User.findOrFail(getUser)
        await User.accessTokens.delete(user, user.id)

        await DB.from('auth_access_tokens').where('tokenable_id', user.id).delete()

        return response.ok({
            success: true,
            message: 'User logged out',
        })
    }
}

[thetutlage]

You are doing it wrong. You are passing the user.id to the accessTokens.delete method. It needs tokenId. Check docs here. https://docs.adonisjs.com/guides/auth-access-tokens-guard#deleting-tokens

[mertgibi]

A user can have multiple tokens. How do we get the ID of the requested token?

[thetutlage]

Its in the docs. Search for currentAccessToken

[franckDev21]

async logout({ auth, response }: HttpContext) {
    const user = auth.getUserOrFail()
    const token = auth.user?.currentAccessToken.identifier
    if (!token) {
      return response.badRequest({ message: 'Token not found' })
    }
    await User.accessTokens.delete(user, token)
    return response.ok({ message: 'Logged out' })
  }