Passport: Password grant type throws an error saying "You must set encryption key going forward ...."

Created on 2 Jul 2017  ·  6 Comments  ·  Source: laravel/passport

Hello guys, I am trying to implement Passport in my Laravel application, but I am stuck on this weird error. Below is my code:

    public function login(Request $request)
    {
        $proxy = Request::create('oauth/token', 'POST', [
            'grant_type'    => 'passport',
            'client_id'     => '2',
            'client_secret' => 'z36OUnxbVNmdMKbqpPtigPy9SOBUJ2cVmyVb7nRn',
            'username'      => $request->get('email'),
            'password'      => $request->get('password'),
            'scope'         => null,
        ]);
        return Route::dispatch($proxy);
    }

And here is the error I am receiving ...

You must set the encryption key going forward to improve the security of this library - see this page for more information https://oauth2.thephpleague.com/v5-security-improvements/

All 6 comments

This is fixed by #415.

Hopefully @taylorotwell will be able to cut a new release soon.

@paulmarlonsantos please visit https://oauth2.thephpleague.com/v5-security-improvements/ for further details

Thanks!

Hello @alexbilbie

I've seen the commit @taylorotwell made by replacing the following line in makeAuthorizationServer() of PassportServiceProvider

    'file://'.Passport::keyPath('oauth-public.key')

with this ...

    env('APP_KEY')

but since the constructor of the AuthorizationServer class in the league/oauth2-server package does this

    if ($publicKey instanceof CryptKey === false)
    {
        $publicKey = new CryptKey($publicKey);
    }

the following error will trigger ...

Key path "file://base64:qzJT8d/i8WvZTuZ2e1l..." does not exist or is not readable

since CryptKey prepends the string _file://_ to the $keyPath

    if (strpos($keyPath, 'file://') !== 0)
    {
        $keyPath = 'file://' . $keyPath;
    }

I hope this can be of some help to you guys.
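
The failure described in the comment above, reproduced with stand-in classes as an added example; it is not part of the original thread and not the league/oauth2-server source. It also shows that the rejected value, here the application key, ends up inside the exception message. `DemoCryptKey` and `demoWrapPublicKey` are hypothetical names, the readability check is an assumption inferred from the error text, and the key is a constructed sample.

```php
<?php
// Stand-ins modelled on the two fragments quoted in the comment above.
// Hypothetical names; this is not the league/oauth2-server source.
final class DemoCryptKey
{
    public string $keyPath;

    public function __construct(string $keyPath)
    {
        // Same normalisation as the quoted CryptKey fragment.
        if (strpos($keyPath, 'file://') !== 0) {
            $keyPath = 'file://' . $keyPath;
        }
        // Assumption: a readability check, inferred from the error text.
        if (!is_readable(substr($keyPath, 7))) {
            throw new LogicException(
                sprintf('Key path "%s" does not exist or is not readable', $keyPath)
            );
        }
        $this->keyPath = $keyPath;
    }
}

// Mirrors the quoted constructor fragment: a plain string becomes a key object.
function demoWrapPublicKey($publicKey): DemoCryptKey
{
    if ($publicKey instanceof DemoCryptKey === false) {
        $publicKey = new DemoCryptKey($publicKey);
    }
    return $publicKey;
}

// Constructed sample in APP_KEY format; not a real key.
$appKey = 'base64:' . base64_encode(str_repeat('A', 32));
// A readable temporary file stands in for oauth-public.key.
$keyFile = tempnam(sys_get_temp_dir(), 'pub');

echo 'accepted: ', demoWrapPublicKey($keyFile)->keyPath, PHP_EOL;

try {
    demoWrapPublicKey($appKey);
} catch (LogicException $e) {
    // The secret is now part of the exception text and of any log that records it.
    $leaked = strpos($e->getMessage(), $appKey) !== false;
    echo 'secret in exception message: ', $leaked ? 'yes' : 'no', PHP_EOL;
    // Record the exception class and a fixed string rather than getMessage().
    error_log(get_class($e) . ': key argument rejected (value withheld)');
}
unlink($keyFile);
```

If an exception like this reached logs or an error page in a real deployment, treat the key as exposed and rotate it.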

Just ran into the same issue as @paulmarlonsantos ran into.

@taylorotwell @alexbilbie I think the correct update to PassportServiceProvider is the following:

    public function makeAuthorizationServer()
    {
        $server = new AuthorizationServer(
            $this->app->make(ClientRepository::class),
            $this->app->make(AccessTokenRepository::class),
            $this->app->make(ScopeRepository::class),
            'file://'.Passport::keyPath('oauth-private.key'),
            'file://'.Passport::keyPath('oauth-public.key')
        );

        $server->setEncryptionKey(env('APP_KEY'));

        return $server;
    }

Spot on!

This is fixed with a tag update @taylorotwell
