消费者未被授权访问%resources

huangapple go评论110阅读模式
英文:

The consumer isn't authorized to access %resources

问题

Magento版本2.3.3

通过API成功获取了管理员令牌,但尝试使用该令牌获取任何资源时,我收到此消息:“消费者未被授权访问%resources。”

用户是管理员,拥有对所有资源的访问权限。没有标记为“允许将OAuth访问令牌用作独立的Bearer令牌”的字段,以便我可以启用它。

还可以做什么?

我在使用Postman。

在Magento管理中,使用集成详细信息获取管理员令牌,从rest/V1/integration/admin/token获取令牌

然后使用响应中的访问令牌作为Bearer令牌来访问资源,例如从rest/V1/products

Authorization: "Bearer <admin access token obtained>"

英文:

Magento version 2.3.3

Admin token is successfully obtained using the API, however, when trying to fetch any resource using that token, I get this message: "The consumer isn't authorized to access %resources."

The user is Administrator and has access to all of the resources. There's no field labeled "Allow OAuth Access Tokens to be used as standalone Bearer tokens" so that I can enable it.

What else can be done ?

I'm using Postman.

Using OAuth with the integration details in Magento admin to get the admin token from rest/V1/integration/admin/token

Then using the access token in response as a Bearer token to access resources, for example from rest/V1/products

Authorization: &quot;Bearer &lt;admin access token obtained&gt;&quot;

答案1

得分: 2

Section Authorization:
选择类型:Bearer Token

粘贴令牌如下:

Bearer: 743h8n9c4hmf984hf89mfhem8hcr8mherg87erh8g7er7cg8er7cg87erc...

或从Magento2文档(Adobe)中获取

要禁用此功能,请登录到管理员面板,然后导航到
商店 > 设置 > 配置 > 服务 > Magento Web API > Web
API 安全性。然后从“允许匿名访客访问”菜单中选择“是”。

这是一个需要小心处理的设置。

英文:

Are you passing the token correctly?

Section Authorization:
Choose Type: Bearer Token

Paste the token like

Bearer: 743h8n9c4hmf984hf89mfhem8hcr8mherg87erh8g7er7cg8er7cg87erc...

Or from Magento2 docs (Adobe)

> To disable this feature, log in to the Admin panel and navigate to
> Stores > Settings > Configuration > Services > Magento Web API > Web
> API Security. Then select Yes from the Allow Anonymous Guest Access
> menu.

A setting you should be careful with.

答案2

得分: 0

请登录到管理员面板,然后:

  • 考虑在SYSTEM > Extensions > Integrations > "Add New Integration"下添加一个新的集成。
    • 不要忘记在"Add New Integration" > API下选择"All"或选择"Resource Access"并保存。
    • 保存后,激活您的集成以获取消费者密钥、访问令牌等。
  • 在STORES > Settings > Configuration > SERVICES > OAuth > "Consumer Settings"下,将"Allow OAuth Access Tokens to be used as standalone Bearer tokens"设置为"Yes"。
  • 在SYSTEM > Tools > Cache Management > "Flush Cache Storage"下清除缓存。

现在,您可以将集成的访问令牌用作Bearer令牌。
🔒 但是,请务必仅在服务器端代码中使用,而不要在客户端代码中使用以保持安全。

英文:

Please, log in to the Admin Panel and

  • Consider adding a new integration under SYSTEM > Extensions > Integrations > "Add New Integration".
    • Don't forget to select "All" or select "Resource Access" to your integration under "Add New Integration" > API and save.
    • Once saved, activate your integration to get the consumer key, access token, etc.
  • Under STORES > Settings > Configuration > SERVICES > OAuth > "Consumer Settings" > set "Allow OAuth Access Tokens to be used as standalone Bearer tokens" to "Yes.
  • Clear the cache under SYSTEM > Tools > Cache Management > "Flush Cache Storage"

Now, you can use your integration's Access Token as Bearer Token.
🔥 However, you should never use it in client-side code but only in a server-side one to keep it secure.

huangapple
  • 本文由 发表于 2023年2月6日 18:01:08
  • 转载请务必保留本文链接:https://go.coder-hub.com/75359817.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定