Heroku and Laravel Passport

Question

I try to install my app on Heroku. This app is a PHP/Laravel app with the "Passport" for the authentication. All is running fine in my local machine (MacOS).

When I try to do a simple 'post' with Postman, I have this error :

2018-03-17T17:05:22.059708+00:00 app[web.1]: [17-Mar-2018 17:05:22 UTC] [2018-03-17 17:05:22] production.ERROR: Key path "file:///app/storage/oauth-private.key" does not exist or is not readable {"exception":"[object] (LogicException(code: 0): Key path "file:///app/storage/oauth-private.key" does not exist or is not readable at /app/vendor/league/oauth2-server/src/CryptKey.php:45)"} []

To setup passport, I generated the keys with :

php artisan passport:install

And I see the keys in my database in Heroku. So the command worked properly.

So what is this error ?

I tried also to regenerate the keys, to stop and restart the application. Without successes.

Edit

In fact, the key files are not generated in the folder app/storage, that's why there is this error. But why these files are not generated?

Answer 1

The solution is here: https://github.com/laravel/passport/issues/267

Add these few lines into your composer.json under the "scripts" property, then commit and deploy into Heroku:

"post-install-cmd": [ 
        "php artisan clear-compiled",
        "chmod -R 777 storage", 
        "php artisan passport:keys"
    ]

But, after that you have to delete the keys from the table "oauth-clients", then regenerate these keys with :

php artisan passport:install

Answer 2

About the @Dom answer, It will log out your users with every deployment, so if you're really using Heroku and not Dokku (as in my case), I recommend you to generate the keys by using that command: php artisan passport:keys and then via Nano copy the keys generated in storage/oauth-public.key and storage/oauth-private.key into multiline env variables, then you can use this post install script in composer.json:

"post-install-cmd": [ "php artisan clear-compiled", "chmod -R 777 storage", "echo -n $OAUTH_PRIVATE_KEY > storage/oauth-private.key", "echo -n $OAUTH_PUBLIC_KEY > storage/oauth-public.key" ]

That will regenerate the keys from ENV with every deployment and keep your users logged in.

If that solution doesn't work, you could still remove '/storage/*.key' line from .gitignore

Answer 3

Laravel Passport has a configuration that allows to set public and private keys as environment variables.

You can run php artisan vendor:publish --tag=passport-config on your local machine and commit the change.

Then set PASSPORT_PRIVATE_KEY and PASSPORT_PUBLIC_KEY on Heroku config.

Found from this blog

Answer 4

My solution was quite straight forward:

1. go to your .gitignore file
2. comment out /storage/*.key
3. re-deploy to heroku

It appears that the oauth-keys are ignored by default in Laravel (v.7)

Answer 5

Loading Keys From The Environment
Alternatively, you may publish Passport's configuration file using the vendor:publish Artisan command:

php artisan vendor:publish --tag=passport-config

After the configuration file has been published, you may load your application's encryption keys by defining them as environment variables:

PASSPORT_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
<private key here>
-----END RSA PRIVATE KEY-----"

PASSPORT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----
<public key here>
-----END PUBLIC KEY-----"

Passport documentation

Answer 6

I have a better solution to the problem that does not require making your keys public

1. connect to your heroku account via you terminal
2. Run heroku ps:exec
3. Run php artisan passport:keys