With a basic CRUD Laravel app containing API routes I wanted to protect the API behind Oauth. So I followed the instructions on the Laravel documentation and a great video by Andre Madarang on Youtube.
After following the steps of requiring passport in composer, migrating and adding the routes I was testing the oauth endpoints but got an error:
unsupported_grant_type
When I realised I had added the parameters as ‘Header’ variables when they should have been sent in the body as Multipart form fields:
![](https://blog.redbranch.net/wp-content/uploads/2019/06/insomnia-laravel-passport-1024x393.png)
With that change and using the appropriate client_id and secret I received an access token that I could use in subsequent requests by choosing ‘Bearer’ from the ‘Auth’ menu:
![](https://blog.redbranch.net/wp-content/uploads/2019/06/insomnia-laravel-token-request-1024x455.png)