Error while using league/oauth2-server: 5.1.5 #432

Closed
Hanson opened this issue Jul 13, 2017 · 8 comments

Hanson commented Jul 13, 2017

When I run php artisan route:list

It shows

You must set the encryption key going forward to improve the security of this library - see this page for more information https://oauth2.thephpleague.com/v5-security-improvements/

There's no exception while I require oauth2-server: 5.1.4

Frozire commented Jul 13, 2017

This has been fixed in v1.0.18, please update and see if the error remains.

Hanson commented Jul 13, 2017

@Frozire Thanks for your answer. Now I'm using passport:2.0.11, should I downgrade it?

Frozire commented Jul 13, 2017

@Hanson Sorry, I assumed you were using v1.x.

I would suggest updating to 3.0 as soon as possible since this fixes a security concern. I just upgraded all my projects from 2.0 to 3.0, been running production for a few days and it seems to have no implications or breaking changes.

riskis commented Jul 13, 2017

@Frozire Thanks for your support! Version 3 solved my problems!

Edit:
I have an error when I try to refresh a token:
{
"error": "invalid_request",
"message": "The refresh token is invalid.",
"hint": "Cannot decrypt the refresh token"
}

@Greenelf

I am going to make a pull request... but you solved the problem ))) Thank you

davehenke commented Jul 17, 2017

@riskis I am receiving the same error. Did you ever find out what happened? My refresh tokens always worked, but since upgrading to 3.0 to fix this, revoking an access token and attempting a refresh (generated by 3.0) results in

dev.ERROR: League\OAuth2\Server\Exception\OAuthServerException: The refresh token is invalid. in /home/vagrant/***/vendor/league/oauth2-server/src/Exception/OAuthServerException.php:155

"Cannot decrypt the refresh token"

@alexbilbie
Contributor

Author of the OAuth library that Passport uses here 👋

I will try to answer everyone's points:

@Hanson if you update to Passport 3.0.* this issue is now resolved and a hard error is no longer thrown
@riskis @bounds currently the library is throwing a 400 error instead of a 403 error - this bug is being tracked in thephpleague/oauth2-server#759

alexbilbie marked this as a duplicate of #433 Jul 19, 2017

@alexbilbie
Contributor

Please upgrade to Laravel 3.0.* if you haven't already and ensure that league/oauth2-server has been updated to at least 6.0.2.
