autocde2.0/app/Http/Controllers/API/AuthController.php

<?php

namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;
use App\Http\Requests\API\User\LoginRequest;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;
use Laravel\Sanctum\PersonalAccessToken;

class AuthController extends Controller
{
    public function login(LoginRequest $request)
    {
        $user = User::query()
            ->where("username", $request->username)
            ->orWhere("email", $request->username)
            ->first();

        if (! $user || ! Hash::check($request->password, $user->password)) {
            throw ValidationException::withMessages([
                'username' => [__("auth.failed")],
            ]);
        }

        //Duplicate logins are not allowed
        PersonalAccessToken::query()->where("tokenable_type", User::class)
            ->where("name", 'user')
            ->where("tokenable_id", $user->id)
            ->delete();

        return $this->success([
            'data' => [
                'token' => $user->createToken('user')->plainTextToken,
            ]
        ]);
    }


    public function logout()
    {
        Auth::user()->currentAccessToken()->delete();

        return $this->noContent();
    }
}