I am upgrading my Laravel 5.1 to 5.5. We were using https://github.com/lucadegasperi/oauth2-server-laravel with the password grant.
I updated everything to Laravel 5.3 and Laravel Passport 1.0.x. But after moving to Laravel 5.4 and upgrading Passport to version 2.0.x, my OAuth broke with the message:
"You must set the encryption key going forward to improve the security of this library - see this page for more information https://oauth2.thephpleague.com/v5-security-improvements/","file":"/home/vagrant/Code/api/vendor/league/oauth2-server/src/AuthorizationServer.php","line":142
The issue arises because the current Passport version 2.0 installs a later version of the PHP League's oauth-server 2.0, which requires setting an extra security parameter, as can be seen in the following implementation.
New Passport versions > 2 (3, 4, 5) implement this: https://github.com/laravel/passport/blob/5.0/src/PassportServiceProvider.php#L203
vs. version 2:
https://github.com/laravel/passport/blob/2.0/src/PassportServiceProvider.php#L204
It is best to move on to the latest Laravel Passport; version 3 onwards fixes the issue. I can confirm.
I would suggest updating to 3.0 as soon as possible since this fixes a security concern. I just upgraded all my projects from 2.0 to 3.0, have been running in production for a few days, and it seems to have no implications or breaking changes.
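A check for the situation described in this thread, as an added example that is not part of the original posts or of Passport itself: it reads a composer.lock and reports whether the installed laravel/passport falls in the 2.x line the answers identify as broken. The function name passportStatus, the verdict labels and the sample lock data are assumptions made for illustration.

```php
<?php
// Added example, not Passport code. The 2.x/3.0 boundaries come from the answers above.

function passportStatus(string $lockJson): array
{
    $lock = json_decode($lockJson, true);
    if (!is_array($lock)) {
        throw new InvalidArgumentException('composer.lock is not valid JSON');
    }
    // Composer lists runtime and dev dependencies in separate arrays.
    $packages = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
    $version = null;
    foreach ($packages as $pkg) {
        if (($pkg['name'] ?? '') === 'laravel/passport') {
            // Tags are often stored with a leading "v", e.g. "v2.0.0".
            $version = ltrim((string) ($pkg['version'] ?? ''), 'vV');
        }
    }
    if ($version === null) {
        return ['version' => null, 'verdict' => 'not-installed'];
    }
    if (!preg_match('/^\d+(\.\d+)*/', $version)) {
        // Branch aliases such as "dev-master" cannot be ordered; review by hand.
        return ['version' => $version, 'verdict' => 'unknown'];
    }
    if (version_compare($version, '3.0.0', '>=')) {
        $verdict = 'ok';        // 3.0 onwards implements the encryption key setting
    } elseif (version_compare($version, '2.0.0', '>=')) {
        $verdict = 'upgrade';   // 2.x: the line reported as broken in this thread
    } else {
        $verdict = 'pre-2.0';   // 1.x: predates the change discussed here
    }
    return ['version' => $version, 'verdict' => $verdict];
}

// Constructed sample: a trimmed composer.lock, not taken from a real project.
$sample = json_encode([
    'packages' => [
        ['name' => 'laravel/framework', 'version' => 'v5.4.0'],
        ['name' => 'laravel/passport', 'version' => 'v2.0.0'],
    ],
    'packages-dev' => [],
]);

$result = passportStatus($sample);
printf("laravel/passport %s: %s\n", $result['version'], $result['verdict']);
```

To run it against a real project, pass `file_get_contents('composer.lock')` instead of the constructed sample.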