I ran into a problem today while trying to test out a Laravel API protected with OAuth2 via Laravel Passport. Essentially any time I tried to use Postman to consume an API protected by the
auth middleware, it would return an error response with the message
After some digging, I learned that this was simply because I was trying to use an access token that I had found in the
id column of the
oauth_access_tokens table. The thing is, this isn't an access token at all but just its identifier - the token itself is not stored in the database. Instead of trying to grab the token from the database, I issued a new OAuth password grant request using Postman, took the access token from the response and what do you know, no more
Looking back it is pretty obvious, but given that I spent the best part of an hour trying to crawl through the Passport source code to figure out what was going wrong before I realised my stupidity - I thought it might be useful to someone else if I shared my findings.