Laravel 6 passport returns 400 Bad request on wrong credential

I use the Laravel 6 Passport password grant for my Vue backend.

When I send the right credentials to oauth/token it works and returns a token, but when I send wrong ones (email/password) it returns 400 instead of 401 with this message.

    {
        "error": "invalid_grant",
        "error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
        "hint": "",
        "message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
    }

I checked client_id and client_secret.

I tested with a freshly installed Laravel + Passport without a single line of code: Laravel 5.8 returns 401 without any problem, but Laravel 6 returns 400 Bad Request.

Do you have any idea?

Mojtaba Sayari asked Dec 07 '19 20:12


1 Answer

Finally I found the problem: it goes back to league/oauth2-server, which is used by Laravel Passport.

They changed response from 401 to 400 in version 8.

PR link

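I changed my code in the login section to this:

    // $e: the exception caught in the login code (assumed; the catch block is not shown).
    switch ($e->getCode()) {
        case 400: // league/oauth2-server 8 and later
        case 401: // earlier versions
            return response()->json('Your credentials are incorrect. Please try again', $e->getCode());
        default:
            return response()->json('Something went wrong on the server', $e->getCode());
    }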

Mojtaba Sayari answered Nov 09 '22 21:11
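An added example, not part of the original answer or of Passport: a client-side classifier that keys on the OAuth `error` code in the body rather than on the status alone, so a wrong password is handled the same whether the token endpoint answers 400 or 401, and the server's `error_description` is never shown to the user. The function name, return shape and the normalised 401/500 statuses are assumptions; it also assumes the request was a password grant, and that pre-8 servers used the non-standard code `invalid_credentials`.

```javascript
// Error codes a token endpoint may return (RFC 6749 section 5.2).
// 'invalid_credentials' is non-standard: assumed here for pre-8 servers.
const CREDENTIAL_ERRORS = new Set(['invalid_grant', 'invalid_credentials']);
const CLIENT_CONFIG_ERRORS = new Set([
  'invalid_client', 'unauthorized_client', 'unsupported_grant_type',
  'invalid_scope', 'invalid_request',
]);

const BAD_LOGIN = 'Your credentials are incorrect. Please try again';
const SERVER_FAULT = 'Something went wrong on the server';

// status: HTTP status from oauth/token; bodyText: raw response body.
// Returns what the login UI should do; never echoes the server's own text.
function classifyTokenError(status, bodyText) {
  let body = null;
  try {
    body = JSON.parse(bodyText);
  } catch (_) {
    // Not JSON (proxy error page, empty body): handled as unexpected below.
  }
  const code = body && typeof body.error === 'string' ? body.error : null;

  // Wrong e-mail/password on a password grant: 400 or 401 depending on version.
  if ((status === 400 || status === 401) && CREDENTIAL_ERRORS.has(code)) {
    return { kind: 'bad_credentials', status: 401, message: BAD_LOGIN };
  }
  // Bad client_id/client_secret/scope is an application fault, not a user
  // fault, so the user is not asked to retype a password.
  if (code !== null && CLIENT_CONFIG_ERRORS.has(code)) {
    return { kind: 'client_misconfigured', status: 500, message: SERVER_FAULT };
  }
  return { kind: 'unexpected', status: 500, message: SERVER_FAULT };
}

// Constructed sample inputs, modelled on the response quoted in the question.
const SAMPLE_V8 = JSON.stringify({
  error: 'invalid_grant',
  error_description: 'The provided authorization grant ... is invalid',
  hint: '',
});
const SAMPLE_OLD = JSON.stringify({ error: 'invalid_credentials' });
const SAMPLE_CLIENT = JSON.stringify({ error: 'invalid_client' });
```
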