Passport v9.1.0 Breaking Changes

Dries Vints
Dries Vints
Share:
  • ...
  • ...
  • ...

After the v9.0.0 release for Passport on Tuesday, we discovered an incompatibility with Personal Access Clients and the new client secret hashing feature. The fix that required for this introduces a breaking change for anyone who has already hashed the secret key of their Personal Access Client.

These steps are only necessary if you have already upgraded to v9 and already hashed your client secrets.

When using the client secret hashing is to generate a new Personal Access Client for your application using the passport:client command, your plain-text client secret will be displayed once:

php artisan passport:client --personal 

After copying your client ID and secret you should place them in your .env file using the following environment variables:

PASSPORT_PERSONAL_ACCESS_CLIENT_ID=client-id-valuePASSPORT_PERSONAL_ACCESS_CLIENT_SECRET=unhashed-client-secret-value

Finally, you should register them in the "boot" method of your "AppServiceProvider":

Passport::personalAccessClientId( config('passport.personal_access_client.id'));Passport::personalAccessClientSecret( config('passport.personal_access_client.secret'));

Your new Personal Access Client will now be used to issue new personal access tokens. Any previously issued tokens will be invalid and will need to be re-generated.

For full details regarding upgrading to Passport v9 please see the upgrade guide.

Latest Stories

Here’s what we've been up to recently.

Request a code sample

Certified Quality. Great Prices

We use cookies to improve your experience and to help us understand how you use our site. By using this site, you accept our use of cookies. Cookie Infox