How to fix invalid_grant Error with Laravel Passport
If you are upgrading from Laravel 6 to Laravel 7, and you are using Laravel Passport, you might encounter some authentication errors related to 400 HTTP status code and invalid_grant
.
This may come as a got-cha since it is not documented in the official Passport upgrade guide. Main reason for that is because, it's not a Passport change. Instead it's the underlying package thephpleague/oauth2-server that has made the change.
So how do we fix it?
There are 2 changes that you need to take note when you are upgrading from Passport 7.x to 8.x or 9.x.
-
invalid_credentials
is now renamed toinvalid_grant
. - The 401 HTTP status code returned on invalid credentials is now changed to 400.
The details are in this PR.
You could probably just update the string / HTTP status code in your codes and test cases accordingly to fix the errors as the PR seems pretty straight-forward. However a disclaimer, I could be wrong so do your own investigation as required particularly if you run a sensitive app.