I have recently followed the official documentation on how to properly install and setup Laravel Passport in a demo application (blog).
My routes are set up following these instructions:
Next, you should call the Passport::routes method within the boot
method of your AuthServiceProvider. This method will register the
routes necessary to issue access tokens and revoke access tokens,
clients, and personal access tokens:
| | POST | oauth/token | | \Laravel\Passport\Http\Controllers\AccessTokenController@issueToken | throttle |
| | POST | oauth/token/refresh | | \Laravel\Passport\Http\Controllers\TransientTokenController@refresh | web,auth |
Csrf can be disabled for desired URI-s, as stated on https://laravel.com/docs/5.3/csrf . For an example, In VerifyCsrfToken class I've added one value
protected $except = [ 'oauth/authorize', ];
and it works.