grayloon / magento-laravel-api

A simple Magento 2 REST API Object Oriented wrapper for Laravel applications.
MIT License

Magento 2.4.4 support #88

Open jeroen-hso opened 2 years ago

jeroen-hso commented 2 years ago

We are upgrading to Magento 2.4.4 and authorization is not working in the staging environment. Is this related to https://github.com/grayloon/magento-laravel-api/issues/86? Is there a workaround to use this package with Magento 2.4.4?

Thanks in advance for your help.

ahinkle commented 2 years ago

What errors are you getting?

jeroen-hso commented 2 years ago

401 Unauthorized

    array:2 [
      "message" => "User is not authorized to %resources"
      "parameters" => array:1 [
        "resources" => "Magento_Catalog::products"
      ]
    ]

More information: https://developer.adobe.com/commerce/webapi/get-started/authentication/gs-authentication-token/

In previous versions of Commerce, the access token could be used on its own for token-based authentication. This behavior has been disabled by default due to the security implications of a never-expiring access token. Namely, if the access token is compromised it provides undetected persistent access to a store.

ahinkle commented 2 years ago

Ha, darn, how unfortunate. Classic Magento changing things up. I'm open to PRs, but likely this will be tough because of the authenticators and the tokens. In this package, they are in a persistent config state vs. now they are dynamic on request. It's also important that we allow legacy (token-based) authentication as well.

To be frank, this is unfortunate to hear as BigCommerce, Shopify, and other major eCommerce platforms are still rolling with token-based authentication.

jeroen-hso commented 2 years ago

I'm not skilled enough to write the additional code for this. I will use this workaround for now:

However, while it is not recommended, this behavior can be restored in the Admin by setting the Stores > Configuration > Services > OAuth > Consumer Settings > Allow OAuth Access Tokens to be used as standalone Bearer tokens option to Yes.
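
The alternative to re-enabling standalone Bearer tokens is to sign every request with OAuth 1.0a (RFC 5849) using all four integration credentials. The PHP below is an added example, not code from this thread or from the magento-laravel-api package; the host, the credential values, the function name `oauth1Header` and the HMAC-SHA256 signature method are assumptions.

```php
<?php
// Added example: OAuth 1.0a (RFC 5849) Authorization header for a single request.

function oauth1Header(string $method, string $url, array $query, array $creds,
                      ?string $nonce = null, ?int $timestamp = null): string
{
    $oauth = [
        'oauth_consumer_key'     => $creds['consumer_key'],
        'oauth_token'            => $creds['access_token'],
        'oauth_signature_method' => 'HMAC-SHA256', // assumption: accepted by the store
        'oauth_timestamp'        => (string) ($timestamp ?? time()),
        'oauth_nonce'            => $nonce ?? bin2hex(random_bytes(16)),
        'oauth_version'          => '1.0',
    ];

    // Percent-encode every name and value, then sort by encoded name.
    // Assumes no parameter name repeats (repeated names also need a sort by value).
    $params = [];
    foreach ($oauth + $query as $name => $value) {
        $params[rawurlencode((string) $name)] = rawurlencode((string) $value);
    }
    ksort($params, SORT_STRING);
    $normalized = implode('&', array_map(
        fn ($name, $value) => "$name=$value", array_keys($params), $params
    ));

    // Signature base string: METHOD & encoded URL (without query string) & encoded parameters.
    $base = strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($normalized);
    // Both secrets form the signing key; neither is ever sent on the wire.
    $key = rawurlencode($creds['consumer_secret']) . '&' . rawurlencode($creds['access_token_secret']);
    $oauth['oauth_signature'] = base64_encode(hash_hmac('sha256', $base, $key, true));

    $parts = [];
    foreach ($oauth as $name => $value) {
        $parts[] = $name . '="' . rawurlencode($value) . '"';
    }
    return 'Authorization: OAuth ' . implode(', ', $parts);
}

// Constructed placeholders; real values come from the integration's four credentials.
$creds = [
    'consumer_key'        => 'CONSUMER_KEY_PLACEHOLDER',
    'consumer_secret'     => 'CONSUMER_SECRET_PLACEHOLDER',
    'access_token'        => 'ACCESS_TOKEN_PLACEHOLDER',
    'access_token_secret' => 'ACCESS_TOKEN_SECRET_PLACEHOLDER',
];
echo oauth1Header('GET', 'https://magento.example/rest/V1/products',
                  ['searchCriteria[pageSize]' => '1'], $creds), PHP_EOL;
```

The query parameters passed to the function must be the same ones sent on the request URL, and the nonce and timestamp are generated fresh for each call, so the header cannot be cached in configuration the way a static Bearer token can.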