Add DELETE /api/mobile/token so the app can revoke its token on logout

2026-06-17 16:40:31 +00:00 · 2026-06-12 15:12:38 +02:00
parent 54c959d18e
commit f9b3428865
3 changed files with 62 additions and 0 deletions
@@ -96,5 +96,12 @@ Route::post('/mobile/token', [MobileAuthController::class, 'token'])
    ->middleware('throttle:30,1')
    ->name('auth.mobile.token');

+// Logout for the mobile app: revokes the personal access token that
+// authenticated this request, so a local "disconnect" in the app also
+// invalidates the token server-side.
+Route::delete('/mobile/token', [MobileAuthController::class, 'revoke'])
+    ->middleware(['auth:sanctum', 'throttle:30,1'])
+    ->name('auth.mobile.token.revoke');
+
 Route::post('/check-auth-error', [LnurlAuthController::class, 'checkError'])
    ->name('auth.check-error');