Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

kanav_kapoor's avatar

Laravel Passport Password Grant - Client authentication failed

After hearing a lot about laravel passport, i thought of implementing it into my new project where my requirement is to create an API that'll be used in a mobile app.

So my mobile app is a client, which will further have its users.

I followed the steps mentioned by Taylor and also read about it here. In nutshell i followed these steps:

  1. Installed laravel/passport.
  2. Created a website user.
  3. Generated passport keys php artisan passport:install
  4. Generated client_id and client_secret using php artisan passport:client
  5. Added redirection and callback routes in web.php
  6. Authorized the user and got the final access token.

Then i tried calling api/user( with Header Authorization containing value Bearer eyJ0eXAiOiJKV1...(token)

I received the data. Pretty simple and neat.

But my app users won't have these details. So i thought of configuring Password Grant Tokens which fits perfectly in my requirement.

Not starts the real headache. I've been trying yo set this up from the last 3 days and continuously getting

{"error":"invalid_client","message":"Client authentication failed"}

I've tried almost every guide i followed online: Redirection Issues, Add Atleast One Scope Solution, P100Y Issue etc.

But I'm still getting invalid client error. Here's what i'm passing through POSTMAN to oauth/token:

{
    "grant_type": "password,"
    "client_id": "3,"
    "client_secret": "8BUPCSyYEdsgtZFnD6bFG6eg7MKuuKJHLsdW0k6g,"
    "username": "[email protected],"
    "password": "123456,"
    "scope": ""
}

Any help would be appreciated.

0 likes
4 replies
balakan's avatar

I have managed to get the Laravel Passport - Password_Grant_Token working through RESTED(POSTMAN like service) without any additional controllers or middlewares. Here is how I've managed to do it!

Install the default Auth-Scaffolding in laravel Install the passport Register a user through auth-scaffolding Goto RESTED or POSTMAN, or any other like service Check data in oauth_clients table for your form_params With RESTED through Request_body_form_data not headers write yours forms_params and send a POST request to */oauth/token (full url required)

(required form_params are grant_type, client_id, client_secret, username and password)

You should get in return an object with 4 keys (token_type, expires_in, access_token & refresh_token) and a status of 200 OK.

If all was succesfull so far...

Open another RESTED window:

Send a GET request to /api/user (again full url required) In headers write 2 name-value pairs (Accept => application/json, Authorization => Bearer ACCESS_TOKEN_GOTTEN_IN_PREVIOUS_REQUEST (to /oauth/token)

And that should be it. You should get an user object as response from /api/user.

tim.ogilvy@thecigroup.com.au's avatar

This is still an issue. Works in postman with 'form-data' but not with a JSON object.

Tulev's avatar

How do you set 'form-data' to GET request?

mkojoa's avatar

I really need solution to this? am getting the same error

Please or to participate in this conversation.