Daniel Camargo Daniel Camargo - 27 days ago 10
PHP Question

TokenMismatchException when refreshing token in passport laravel

I have recently followed the official documentation on how to properly install and setup Laravel Passport in a demo application (blog).

My routes are set up following these instructions:


Next, you should call the Passport::routes method within the boot
method of your AuthServiceProvider. This method will register the
routes necessary to issue access tokens and revoke access tokens,
clients, and personal access tokens:


While using Postman to run some sample requests I noticed that oauth/token/refresh route requires a CSRF token.

Running artisan route:list I got:

| | POST | oauth/token | | \Laravel\Passport\Http\Controllers\AccessTokenController@issueToken | throttle |
| | POST | oauth/token/refresh | | \Laravel\Passport\Http\Controllers\TransientTokenController@refresh | web,auth |


Any ideas on how to properly refresh the token?

Answer Source

Csrf can be disabled for desired URI-s, as stated on https://laravel.com/docs/5.3/csrf . For an example, In VerifyCsrfToken class I've added one value

    protected $except = [
    'oauth/authorize',
];

and it works.