When doing a SPA application, if the request API interface returns 401, and it is invalid after setting according to https://laravel.com/docs/5.5/passport#consuming-your-api-with-javascript, then you can refer to here
App\Providers\AuthServiceProvider
You should have to follow the tutorial in the configuration Passport::routes()
, add the following in his line Passport::$ignoreCsrfToken = true;
this time you find a properly.
Yes Passport closes CSRF verification is closed separately.