Passport: \League\OAuth2\Server\AuthorizationServer::setEncryptionKey() is never called

Created on 12 Jul 2017  ·  4Comments  ·  Source: laravel/passport

Laravel: v5.4.28
Passport: v1.0.17
League\OAuth2: v5.1.5

I suddenly began seeing this error on my production environment when mobile app was trying to authenticate via API:

ErrorException: You must set the encryption key going forward to improve the security of this library - see this page for more information https://oauth2.thephpleague.com/v5-security-improvements/

If you follow that link you will see that AuthorizationServer now requires you to explicitly call setEncryptionKey() on AuthorizationServer which of course is never happening.

Since PassportServiceProvider instantiates AuthorizationServer shouldn't it also call setEncryptionKey() to avoid this error?

picture playerrtwo
😕4

Most helpful comment

I'm seeing this as well. for the time being if I force "league/oauth2-server": "5.1.3" in composer.json the error goes away.

picture bjholmes23 on 12 Jul 2017
👍2

All 4 comments

I'm seeing this as well. for the time being if I force "league/oauth2-server": "5.1.3" in composer.json the error goes away.

bjholmes23 picture bjholmes23 on 12 Jul 2017
👍2

Version v1.0.18 fixes this.

Frozire picture Frozire on 13 Jul 2017
👍1

I just updated to version 1.0.18 in a Laravel 5.3.31 project and I got this error:
PersonalAccessTokenFactory.php line 98: Trying to get property of non-object
Seems like the $client is null for some reason.

santilorenzo picture santilorenzo on 13 Jul 2017

Please update to Passport 3.0.* to address these issues.

alexbilbie picture alexbilbie on 19 Jul 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

andcl picture andcl  ·  3Comments
rudolfdobias picture rudolfdobias  ·  3Comments
Adesubomi picture Adesubomi  ·  4Comments
huiyonghkw picture huiyonghkw  ·  3Comments
seriousjelly picture seriousjelly  ·  3Comments