When I run php artisan route:list
It shows
You must set the encryption key going forward to improve the security of this library - see this page for more information https://oauth2.thephpleague.com/v5-security-improvements/
There's no exception when I require oauth2-server: 5.1.4
This has been fixed in v1.0.18, please update and see if the error remains.
@Frozire Thanks for your answer. Now I'm using passport:2.0.11, should I downgrade it?
@HanSon Sorry, I assumed you were using v1.x.
I would suggest updating to 3.0 as soon as possible since this fixes a security concern. I just upgraded all my projects from 2.0 to 3.0, been running production for a few days and it seems to have no implications or breaking changes.
@Frozire Thanks for your support! Version 3 solved my problems!
Edit:
I have an error when I try to refresh a token =>
{
"error": "invalid_request",
"message": "The refresh token is invalid.",
"hint": "Cannot decrypt the refresh token"
}
I am going to make a pull request... but you solved the problem ))) Thank you
@riskis I am receiving the same error. Did you ever find out what happened? My refresh tokens always worked, but since upgrading to 3.0 to fix this, revoking an access token and attempting a refresh (generated by 3.0) results in
dev.ERROR: League\OAuth2\Server\Exception\OAuthServerException: The refresh token is invalid. in /home/vagrant/***/vendor/league/oauth2-server/src/Exception/OAuthServerException.php:155
"Cannot decrypt the refresh token"
Author of the OAuth library that Passport uses here 👋
I will try to answer everyone's points:
@HanSon if you update to Passport 3.0.* this issue is now resolved and a hard error is no longer thrown
@riskis @bounds currently the library is throwing a 400 error instead of a 403 error - this bug is being tracked in thephpleague/oauth2-server#759
Please upgrade to Laravel 3.0.* if you haven't already and ensure that league/oauth2-server has been updated to at least 6.0.2.
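Added example (not part of the thread, and not code from Passport or league/oauth2-server): a small check that reads a project's composer.lock and reports whether laravel/passport and league/oauth2-server meet the versions named in this thread. The function names and the sample lock contents are hypothetical and constructed for illustration.

```python
import json
import re

# Minimum versions named in the thread above. The 1.x line (fixed in v1.0.18)
# is not modelled here, so any 1.x or 2.x install is reported as below minimum.
MINIMUMS = {
    "laravel/passport": (3, 0, 0),
    "league/oauth2-server": (6, 0, 2),
}

def parse_version(text):
    """Turn 'v6.0.2' or '3.0' into a tuple; None for dev branches or pre-releases."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not match:
        return None
    return tuple(int(part or 0) for part in match.groups())

def audit_lock(lock_text):
    """Return {package: (installed_version, status)} for the packages in MINIMUMS."""
    lock = json.loads(lock_text)
    installed = {pkg["name"]: pkg["version"]
                 for section in ("packages", "packages-dev")
                 for pkg in lock.get(section, [])}
    report = {}
    for name, minimum in MINIMUMS.items():
        raw = installed.get(name)
        if raw is None:
            report[name] = (None, "not installed")
            continue
        version = parse_version(raw)
        if version is None:
            report[name] = (raw, "unparsed, check manually")
        elif version < minimum:
            report[name] = (raw, "below minimum")
        else:
            report[name] = (raw, "ok")
    return report

# Constructed sample lock file using version numbers mentioned in the thread.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/passport", "version": "v2.0.11"},
        {"name": "league/oauth2-server", "version": "5.1.4"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, (raw, status) in audit_lock(SAMPLE_LOCK).items():
        print(f"{name}: {raw} -> {status}")
```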