英文:
The consumer isn't authorized to access %resources
问题
Magento版本2.3.3
通过API成功获取了管理员令牌,但尝试使用该令牌获取任何资源时,我收到此消息:“消费者未被授权访问%resources。”
用户是管理员,拥有对所有资源的访问权限。没有标记为“允许将OAuth访问令牌用作独立的Bearer令牌”的字段,以便我可以启用它。
还可以做什么?
我在使用Postman。
在Magento管理中,使用集成详细信息获取管理员令牌,从rest/V1/integration/admin/token
获取令牌
然后使用响应中的访问令牌作为Bearer令牌来访问资源,例如从rest/V1/products
Authorization: "Bearer <admin access token obtained>"
英文:
Magento version 2.3.3
Admin token is successfully obtained using the API, however, when trying to fetch any resource using that token, I get this message: "The consumer isn't authorized to access %resources."
The user is Administrator and has access to all of the resources. There's no field labeled "Allow OAuth Access Tokens to be used as standalone Bearer tokens" so that I can enable it.
What else can be done ?
I'm using Postman.
Using OAuth with the integration details in Magento admin to get the admin token from rest/V1/integration/admin/token
Then using the access token in response as a Bearer token to access resources, for example from rest/V1/products
Authorization: "Bearer <admin access token obtained>"
答案1
得分: 2
Section Authorization:
选择类型:Bearer Token
粘贴令牌如下:
Bearer: 743h8n9c4hmf984hf89mfhem8hcr8mherg87erh8g7er7cg8er7cg87erc...
或从Magento2文档(Adobe)中获取
要禁用此功能,请登录到管理员面板,然后导航到
商店 > 设置 > 配置 > 服务 > Magento Web API > Web
API 安全性。然后从“允许匿名访客访问”菜单中选择“是”。
这是一个需要小心处理的设置。
英文:
Are you passing the token correctly?
Section Authorization:
Choose Type: Bearer Token
Paste the token like
Bearer: 743h8n9c4hmf984hf89mfhem8hcr8mherg87erh8g7er7cg8er7cg87erc...
Or from Magento2 docs (Adobe)
> To disable this feature, log in to the Admin panel and navigate to
> Stores > Settings > Configuration > Services > Magento Web API > Web
> API Security. Then select Yes from the Allow Anonymous Guest Access
> menu.
A setting you should be careful with.
答案2
得分: 0
请登录到管理员面板,然后:
- 考虑在SYSTEM > Extensions > Integrations > "Add New Integration"下添加一个新的集成。
- 不要忘记在"Add New Integration" > API下选择"All"或选择"Resource Access"并保存。
- 保存后,激活您的集成以获取消费者密钥、访问令牌等。
- 在STORES > Settings > Configuration > SERVICES > OAuth > "Consumer Settings"下,将"Allow OAuth Access Tokens to be used as standalone Bearer tokens"设置为"Yes"。
- 在SYSTEM > Tools > Cache Management > "Flush Cache Storage"下清除缓存。
现在,您可以将集成的访问令牌用作Bearer令牌。
🔒 但是,请务必仅在服务器端代码中使用,而不要在客户端代码中使用以保持安全。
英文:
Please, log in to the Admin Panel and
- Consider adding a new integration under SYSTEM > Extensions > Integrations > "Add New Integration".
- Don't forget to select "All" or select "Resource Access" to your integration under "Add New Integration" > API and save.
- Once saved, activate your integration to get the consumer key, access token, etc.
- Under STORES > Settings > Configuration > SERVICES > OAuth > "Consumer Settings" > set "Allow OAuth Access Tokens to be used as standalone Bearer tokens" to "Yes.
- Clear the cache under SYSTEM > Tools > Cache Management > "Flush Cache Storage"
Now, you can use your integration's Access Token as Bearer Token.
🔥 However, you should never use it in client-side code but only in a server-side one to keep it secure.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论