2 months ago

DecriptionException: The MAC is invalid - Laravel Sanctum

Posted 2 months ago by akcreek

I've got a fresh install of Laravel 7.1 with Sanctum 2.0 running at api.domain.test and a fresh install of a Vue CLI frontend at app.domain.test.

I'm able to retrieve the CSRF cookie from the /sanctum/csrf-cookie route and Axios is setting the X-XSRF-TOKEN header when making a request to the /login route, but the VerifyCsrfToken middleware is throwing a DecriptionException stating that the MAC is invalid.

I tested the app's ability to encrypt and decrypt via Tinker, which works as expected. I didn't find much searching. This seems to be a common issue when people are swapping the APP_KEY, after encrypting data, but that isn't the issue here.

Any suggestions on what I should be looking for here?

Please sign in or create an account to participate in this conversation.