passport: "storage/oauth-private.key" does not exist or is not readable.

Hi, today I updated composer and I got this error: Operation failed: Operation not permitted

I have resolved this problem by running the following commands:

chmod 600 storage/oauth-private.key
chmod 600 storage/oauth-public.key

But then I got the following error: "storage/oauth-private.key" does not exist or is not readable

Thanks for help

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 62 (6 by maintainers)

Most upvoted comments

I think you didn’t correctly install passport.

Please run this command:

php artisan passport:install

If the file does not exist, use the following cmd

php artisan passport:keys

In my case this issue happened on OAuth login tests when building on CircleCI. I fixed this issue by generating the OAuth key pair.

steps:
  - run: openssl genrsa -out storage/oauth-private.key 4096
  - run: openssl rsa -in storage/oauth-private.key -pubout > storage/oauth-public.key

I added those steps before PHPUnit step.

Well, according to /vendor/league/oauth2-server/src/CryptKey.php both files must be chowned to the http server (nginx/apache/whatever) and permissions set to 0600. Like:

sudo chmod 0600 storage/oauth*
sudo chown http:http storage/oauth*

Personally I dislike this. It breaks our existing code and forces me to set the user (not only the group) to http server.

This is the problematic commit: https://github.com/thephpleague/oauth2-server/commit/2f8de3d2302beb490abb9475cf426148801c25c4

As @ryankazokas previously mentioned, seems that updating passport to 3.0 solved the issue.

I am using passport 5.0 with laravel 5.6. Of course I do not store these keys in vcs, and when I deploy the project the first time I get this error at the composer install stage.

composer install --no-dev --prefer-dist -o

Loading composer repositories with package information
Installing dependencies from lock file
...
Generating optimized autoload files
> Illuminate\Foundation\ComposerScripts::postAutoloadDump
> @php artisan package:discover

In CryptKey.php line 45:
                                                                               
  Key path "file:///home/.../public_html/storage/oauth-private.key" does not exist or is not readable                                                  
                                                                               

Script @php artisan package:discover handling the post-autoload-dump event returned with error code 1

Of course it does not exist, it has not been generated yet!

We are also experiencing this issue over the last couple of days. The only workaround for us was to set the owner of these two files to www-data manually when they have always been root previously.

@libasoles @namelivia I was able to fix this by updating to the newest version (3.0) of laravel\passport. The constructors are different from v2 to v3. https://github.com/laravel/passport/commit/6dc37eb5f8da996409ff041a8de62959dbba0cec

Should the composer file in 2.0.11 and below change the league oauth dependency? Currently it is: "league/oauth2-server": "~5.0",

I’m on Heroku, I’ve generated the keys with php artisan passport:keys and set the permission to 600 but Passport still complains about the keys

The file permission changes introduced in 2.0.11 have been disastrous for us too. We host our laravel containers and publish the shared oauth keys via secret files using volume mounts in a kubernetes cluster.

The website runs under user www-data, but the secret files are mounted and owned by root.

We are pegging our application at 2.0.10 as we are unable to change the ownership of the files.

If the file does not exist, use the following cmd

php artisan passport:keys

Thank You buddy 😃

This issue is causing big problems here.

The file should be owned by www-data when accessing on web, and by myuser when accessing artisan tinker, because it tries to run chmod, which can only be called by the file owner (or root).

Don't do this line until you have keys in a specific location for the file

in AuthServiceProvider.php

//Passport::loadKeysFrom('/secret-keys/oauth');

@hemorej you must set the owner of the keys to your web server. On mac this helped me

sudo chown _www:_www storage/oauth-*.key

@MrKriegler thanks for this command, it fixed my problem!

@MrKriegler it’s already set to the owner, with 600 as the permission

I had this issue with Jenkins, turned out I just needed to add php artisan passport:keys into my deploy pipeline.

sudo chown www-data:www-data storage/oauth-*.key

Saved my hours of effort 👍

@alexbilbie what about L5.3 users? Passport 3.0.* requires Illuminate packages for 5.4… I’m running Passport 1.0 at the moment.

@siarheipashkevich you need to ensure that the PHP process owns the private and public keys

@edgareler Running those two commands at the command line worked for me.

If you are having this issue on mac then

sudo chown _www:_www storage/oauth-*.key

Fixed my issue

I am also facing the issue. If you look at CryptKey.php, it says you must assign 0600 permission to the keys (line 51) and also it should be readable (line 43); to pass this condition you need to assign 0644 permissions to the keys. It fails in one of the conditions. The solution could be changing ownership of the keys. However, I don’t know who should be the owner of the keys.

As a temporary measure you can comment out lines 48 to 68 and change permissions to 644.
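Added example (not from this thread or from league/oauth2-server): a shell check for the conditions the comments above describe, namely that each key exists, is readable, has mode 0600 and is owned by the user running the check. The function names and return codes are made up for this example.

```shell
#!/bin/sh
# Added example: diagnose Passport key files against the conditions described
# in this thread (exists, readable, mode 0600, owned by the current user).
# Function names and return codes are made up for this example.

# Print "<octal mode> <owner uid>"; GNU stat first, BSD/macOS stat as fallback.
key_stat() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1"
}

# Returns 0 ok, 1 missing, 2 unreadable, 3 wrong mode, 4 wrong owner.
check_key() {
    key=$1
    if [ ! -e "$key" ]; then
        echo "$key: missing (generate with: php artisan passport:keys)"
        return 1
    fi
    if [ ! -r "$key" ]; then
        echo "$key: not readable by $(id -un)"
        return 2
    fi
    info=$(key_stat "$key")
    mode=${info% *}
    owner=${info#* }
    if [ "$mode" != "600" ]; then
        echo "$key: mode is $mode, expected 600"
        return 3
    fi
    if [ "$owner" != "$(id -u)" ]; then
        echo "$key: owned by uid $owner, but running as uid $(id -u)"
        return 4
    fi
    echo "$key: ok"
}

# Usage: sh check-keys.sh storage/oauth-private.key storage/oauth-public.key
for k in "$@"; do
    check_key "$k" || true
done
```

Run it as the same user PHP runs as (the web server user, or the CLI user for artisan), since the owner check compares against the invoking user.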

@Wolg just update your envoyer to run chmod at the end to return oauth keys to www-data. I just got this error and I’m still stuck with it

I did this and it worked:

@task('update_permissions')
chgrp -R www-data {{ $app_dir }};
chmod -R ug+rwx {{ $app_dir }};
chown -R www-data:www-data {{ $app_dir }} . '/storage/oauth-*.key';
@endtask

On CentOS Linux the command chown apache:apache /storage -R worked for me.

Having the same issue with Envoyer deployment. When deploying and performing php artisan optimize we need those files to belong to the deployment user (ec2-user on aws). But it will break the entire application, 'cause when accessing on web it should belong to the web-server user (nginx).