Unable to create personal access tokens when using hashed client secrets

[aaronhuisinga]

• Passport Version: 9.0.1
• Laravel Version: 7.10.3
• PHP Version: 7.4.3
• Database Driver & Version: MySQL 8.0.19

Description:

After upgrading to Passport v9, enabling hashed client secrets (Passport::hashClientSecrets()), and running the command to hash the secrets in the database, we are unable to create Personal Access Tokens.

When using the included Vue component, we receive a 500 (Client authentication failed) when trying to create a new Personal Access Token.

Strangely, even after hashing the client secrets in the database, removing the Passport:hashClientSecrets() method from the AppServiceProvider fixes the issue and allows Personal Access Tokens to be created.

[driesvints]

Hey @aaronhuisinga. We've released v9.1.0 which fixes this.

Unfortunately we weren't able to fix this without introducing a new breaking change. If you already hashed the secret of your personal access client in production you'll have to generate a new one and set its client id and secret in your .env file. Here's steps on how to do that: https://github.com/laravel/passport/blob/9.x/UPGRADE.md#personal-access-clients

We're very sorry about this. Unfortunately we didn't caught this in the original pull request that was sent in.

[aaronhuisinga]

Thanks for the fix @driesvints! Glad it was caught early, and hopefully before too many people updated to v9.