Send CryptKey instance to oauth2 with new permission check disabled.

[valeryan]

This will fix #453 that is caused by the changes to thephpleague/oauth2-server from here thephpleague/oauth2-server#776.

This disables the new permission check that was added in version 6.0.2 of oauth2-server. I feel like the permission check should be controlled through configuration and not just be statically disabled but passport does not currently have any need for configuration and it would be a pain to add configuration for one setting. So I think some decisions still need to be made on how to handle this change. However, this is a quick solution that restores passport to working order.

[prageeth]

I was just about to create a patch too 👍 Hopefully the PR gets merged and released soon.

[cringerjs]

The permission checks introduced completely break windows development as their files will always return 0666. Even though a PHP E_USER_WARNING is thrown, laravel's error handler is converting the user_notice from oauth2 to an exception.

Hope this is pulled in soon. Having to modify the PassportServiceProvider from my vendor folder just to get past this so I can resume development on my app. 🎩

[adiachenko]

I'm in favor of this. The new permission check breaks our Docker for Windows setup because chmod doesn't work on bind-mounted volumes.

[alexbilbie]

We'll get this merged and a point release out ASAP

[taylorotwell]

@alexbilbie so I should merge this?

[valeryan]

@taylorotwell @alexbilbie not that my opinion matters, but I think the better solution might be to figure out how to let the oauth user_notice not be an exception so that we don't have to disable the security check. This is my knee jerk fix to get thing working again for windows folks and it might be an okay interim fix while you guys hash out what to really do to fix this permanently.

[alexbilbie]

The main issues have been the following:

• Windows server incompatibilities with chmod at both a OS and PHP level
• Deployment difficulty with modern tooling like Kubernetes Secrets/Docker Secrets
• The OAuth library trying to automatically fix the incorrect permissions issue which many think is outside the scope of the library.

The OAuth library now no longer tries to automatically fix the issue - only warn the developer that something isn't correct.

If Laravel converts E_USER_NOTICE to exceptions then that is an issue for Passport/Laravel to solve not the parent library.

[arikh]

I am using laravel 5.3 in a project which is 1 and a half years old and recently started using Laravel Passport.
The passport version which is compatible with laravel 5.3 is "laravel/passport": "~1.0". When I installed it, it gives me the same error mentioned above. Am I doing something wrong? Or could you please tell me which would be the correct version of passport to be used for Laravel 5.3?