Laravel Passport invalid_grant for password grant_type

Question

I've been trying to create an access_token for my api. I've followed the setup and am using Postman to test/create a token. I can't seem to get past an invalid_grant error.

I've tried what seems like every combination I've been able to find without any luck. Here is my setup:

Sending a POST request to: http://mywebsite.local/oauth/token

In the body, I am setting form-data to this (name/value):

grant_type      password
client_id       1
client_secret   <super_long_string>
username        [email protected]
password        secret

I've used tinker to create a dummy user:

factory('App\User')->create()

I use the newly created user for my username/password above.

Regardless of what I'm doing (short of not passing anything) this is the error I'm always seeing:

{
    "error": "invalid_grant",
    "error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
    "hint": "",
    "message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}

I've read many times this means the grant_type I'm trying to get doesn't match up to the client. I'm using php artisan passport:client --password to create the client, so I don't understand why it's invalid. I only have one client, so I know I'm using the correct id. This issue seems like the same thing, I am seeing but has since been closed.

For my headers I'm only setting Content-Type application/json, and I have nothing set for Authorization headers.

I'm not sure what else to try. Thank you for any suggestions!

Answer 1

as it is stated here, from the 5.8 version the default password "secret" has beeen updated to "password". so you are entering the old password.

Answer 2

Try to hash your password for the user. At first I think the password needs to be at least 8 characters long. Then, e.g. if you use "test1234" as the password for the created user, go to your terminal and type:

>> php artisan tinker

>> echo bcrypt('test1234')

Copy the output and save it in the password database column of your created user instead of test1234. Now your post request to http://mywebsite.local/oauth/token should work.