DecryptException: The MAC is invalid - Laravel Sanctum
I've got a fresh install of Laravel 7.1 with Sanctum 2.0 running at api.domain.test and a fresh install of a Vue CLI frontend at app.domain.test.
I'm able to retrieve the CSRF cookie from the /sanctum/csrf-cookie route and Axios is setting the X-XSRF-TOKEN header when making a request to the /login route, but the VerifyCsrfToken middleware is throwing a DecryptException stating that the MAC is invalid.
I tested the app's ability to encrypt and decrypt via Tinker, which works as expected. I didn't find much searching.
This seems to be a common issue when people swap the APP_KEY after encrypting data, but that isn't the issue here.
Any suggestions on what I should be looking for here?
This indeed has something to do with the APP_KEY that has been changed, or the encryption method might have been changed.
Can you try to clear your browser cache? The complete cache for your specific test domain. It can be an old cookie or CSRF-token that is set in the session that breaks this.
Thanks for the suggestions, but I'm 100% certain the APP_KEY and encryption method have not been changed. This is a fresh (today) install that has only had the original key in the .env and the cipher is still AES-256-CBC as set in the app config.
I did try clearing the application and browser caches as well as tried different browsers to be certain and no luck still.
I've also done an additional fresh install since posting this and received the same results, unfortunately.
Just to close this out... I couldn't resolve the error so I abandoned Sanctum and went with Passport. No issues at all getting Passport running with password grant tokens and personal access tokens.
@bobbybouwmann Hello, I was trying Sanctum using Postman (I know, I should be using an SPA, but I'm totally backend on this project) and everything was going well... but suddenly I thought... why not just try to send a corrupted cookie? I sent it and got this "MAC is invalid" 500... What do you think about it?
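Added example, not part of any post in this thread and not Laravel's own code: a Python sketch for checking offline why an X-XSRF-TOKEN or cookie value fails the MAC check. It assumes the payload layout used by Laravel's Encrypter (base64-encoded JSON with `iv`, `value` and `mac`, where `mac` is HMAC-SHA256 over the `iv` and `value` strings under the decoded APP_KEY). All function names are hypothetical, and the sample token is constructed, with random bytes standing in for real ciphertext.

```python
import base64, binascii, hashlib, hmac, json, os
from urllib.parse import unquote

def parse_app_key(app_key):
    """APP_KEY as written in .env: 'base64:<key>' or a raw string."""
    if app_key.startswith("base64:"):
        return base64.b64decode(app_key[7:])
    return app_key.encode()

def _mac(iv, value, key):
    # Assumed layout: the MAC covers the base64 *strings*, not the raw bytes.
    return hmac.new(key, (iv + value).encode(), hashlib.sha256).hexdigest()

def check_mac(token, key):
    """Return 'ok' or the reason the payload would be rejected."""
    token = unquote(token)  # cookie values arrive percent-encoded (%3D for '=')
    try:
        payload = json.loads(base64.b64decode(token, validate=True))
    except (binascii.Error, ValueError):
        return "payload is not base64-encoded JSON"
    if not isinstance(payload, dict) or not all(
            isinstance(payload.get(k), str) for k in ("iv", "value", "mac")):
        return "payload lacks iv/value/mac"
    expected = _mac(payload["iv"], payload["value"], key)
    # Constant-time comparison, on bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), payload["mac"].encode()):
        return "MAC mismatch"
    return "ok"

def make_sample_token(key):
    """Constructed payload; random bytes stand in for the AES ciphertext."""
    iv = base64.b64encode(os.urandom(16)).decode()
    value = base64.b64encode(os.urandom(48)).decode()
    body = json.dumps({"iv": iv, "value": value, "mac": _mac(iv, value, key)})
    return base64.b64encode(body.encode()).decode()

def tamper(token):
    """Change one character of 'value', as a corrupted cookie would."""
    payload = json.loads(base64.b64decode(token))
    v = payload["value"]
    payload["value"] = ("A" if v[0] != "A" else "B") + v[1:]
    return base64.b64encode(json.dumps(payload).encode()).decode()

if __name__ == "__main__":
    key = parse_app_key("base64:" + base64.b64encode(os.urandom(32)).decode())
    token = make_sample_token(key)
    print("untouched:", check_mac(token, key))
    print("tampered: ", check_mac(tamper(token), key))
    print("other key:", check_mac(token, os.urandom(32)))
```

Running it against a captured header value and the APP_KEY from the API's .env separates a malformed or re-encoded token from one that was simply produced under a different key.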