After I updated the following packages I got an error that the oauth-public.key file couldn't be found.
Package operations: 1 install, 2 updates, 0 removals
Updating laravel/framework (v5.4.27 => v5.4.28): Downloading (100%)
Installing defuse/php-encryption (v2.1.0): Downloading (100%)
Updating league/oauth2-server (5.1.3 => 5.1.4): Downloading (100%)
Firstly I deleted the two oauth- files in project/storage and then executed this command: php artisan passport:install to generate new oauth- files.
Now I get the following error when trying to access an api route.
(1/1) ErrorException chmod(/var/dev/project/storage/oauth-public.key): Operation failed: Operation not permitted
Stack trace
in CryptKey.php (line 51)
at HandleExceptions->handleError(2, 'chmod(/var/dev/project/storage/oauth-public.key): Operation failed: Operation not permitted', '/var/dev/project/vendor/league/oauth2-server/src/CryptKey.php', 51, array('keyPath' => 'file:///var/dev/project/storage/oauth-public.key', 'passPhrase' => null, 'keyPathPerms' => '644'))
at chmod('file:///var/dev/project/storage/oauth-public.key', 384) in CryptKey.php (line 51)
at CryptKey->__construct('file:///var/dev/project/storage/oauth-public.key') in ResourceServer.php (line 50)
File permissions
-rw-r--r-- user:user oauth-private.key
-rw-r--r-- user:user oauth-public.key
Update 1
I found out that oauth Libaray introduced a security fix. Oauth V5 Security Improvements
Version 5.1.4 is a backwards compatbile with other 5.1.x releases.
You will notice in your server logs a message like this:
You must set the encryption key going forward to improve the security of this library - see this page for more information https://oauth2.thephpleague.com/v5-security-improvements/
To supress this notice once you have instantiated an instance of \League\OAuth2\Server\AuthorizationServer you should call the setEncryptionKey() method passing in at least 32 bytes of random data.
You can generate this using base64_encode(random_bytes(32)). Alternatively if you’re using a framework such as Laravel which has a encryption key already generated you can pass in that (in the case of Laravel use env('APP_KEY')).
Problem is that the maintainer of Laravel Passport has to fix this.
Update 2
After I removed the vendor folder and executed composer install again I get still the same error.
Try:
sudo chown www-data:www-data storage/oauth-*.key
sudo chmod 600 storage/oauth-*.key
It solves my problem.