search

magento / magento2

Prior to making any Submission(s), you must sign an Adobe Contributor License Agreement, available here at: https://opensource.adobe.com/cla.html. All Submissions you make to Adobe Inc. and its affiliates, assigns and subsidiaries (collectively “Adobe”) are subject to the terms of the Adobe Contributor License Agreement.
http://www.magento.com
Open Software License 3.0
11.36k stars 9.28k forks source link

The consumer isn't authorized to access %resources. Magento 2.4.5-p1 on staging environment #38426

Open nilaykumardeveloper opened 4 months ago

nilaykumardeveloper commented 4 months ago

Summary

In the testing environment, it gives below errors,

{
"message": "The consumer isn't authorized to access %resources.",
"parameters": {
    "resources": "Magento_Sales::actions_view"
},
"trace": "#0 /var/www/html/vendor/magento/module-webapi/Controller/Rest/RequestValidator.php(68): Magento\\Webapi\\Controller\\Rest\\RequestValidator->checkPermissions()\n#1 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(58): Magento\\Webapi\\Controller\\Rest\\RequestValidator->validate()\n#2 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(138): Magento\\Webapi\\Controller\\Rest\\RequestValidator\\Interceptor->___callParent('validate', Array)\n#3 /var/www/html/vendor/paypal/module-braintree-core/Plugin/RestValidationPlugin.php(86): Magento\\Webapi\\Controller\\Rest\\RequestValidator\\Interceptor->Magento\\Framework\\Interception\\{closure}()\n#4 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(135): PayPal\\Braintree\\Plugin\\RestValidationPlugin->aroundValidate(Object(Magento\\Webapi\\Controller\\Rest\\RequestValidator\\Interceptor), Object(Closure))\n#5 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(153): Magento\\Webapi\\Controller\\Rest\\RequestValidator\\Interceptor->Magento\\Framework\\Interception\\{closure}()\n#6 /var/www/html/generated/code/Magento/Webapi/Controller/Rest/RequestValidator/Interceptor.php(23): Magento\\Webapi\\Controller\\Rest\\RequestValidator\\Interceptor->___callPlugins('validate', Array, NULL)\n#7 /var/www/html/vendor/magento/module-webapi/Controller/Rest/InputParamsResolver.php(108): Magento\\Webapi\\Controller\\Rest\\RequestValidator\\Interceptor->validate()\n#8 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(58): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver->resolve()\n#9 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(138): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->___callParent('resolve', Array)\n#10 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(153): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->Magento\\Framework\\Interception\\{closure}()\n#11 /var/www/html/generated/code/Magento/Webapi/Controller/Rest/InputParamsResolver/Interceptor.php(23): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->___callPlugins('resolve', Array, Array)\n#12 /var/www/html/vendor/magento/module-webapi/Controller/Rest/SynchronousRequestProcessor.php(85): Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->resolve()\n#13 /var/www/html/vendor/magento/module-webapi/Controller/Rest.php(195): Magento\\Webapi\\Controller\\Rest\\SynchronousRequestProcessor->process(Object(Magento\\Framework\\Webapi\\Rest\\Request\\Proxy))\n#14 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(58): Magento\\Webapi\\Controller\\Rest->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#15 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(138): Magento\\Webapi\\Controller\\Rest\\Interceptor->___callParent('dispatch', Array)\n#16 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(153): Magento\\Webapi\\Controller\\Rest\\Interceptor->Magento\\Framework\\Interception\\{closure}(Object(Magento\\Framework\\App\\Request\\Http))\n#17 /var/www/html/generated/code/Magento/Webapi/Controller/Rest/Interceptor.php(23): Magento\\Webapi\\Controller\\Rest\\Interceptor->___callPlugins('dispatch', Array, Array)\n#18 /var/www/html/vendor/magento/framework/App/Http.php(116): Magento\\Webapi\\Controller\\Rest\\Interceptor->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#19 /var/www/html/vendor/magento/framework/App/Bootstrap.php(264): Magento\\Framework\\App\\Http->launch()\n#20 /var/www/html/pub/index.php(30): Magento\\Framework\\App\\Bootstrap->run(Object(Magento\\Framework\\App\\Http\\Interceptor))\n#21 {main}"

}

Its already Yes in: Allow OAuth Access Tokens.

I tried it in PHP script with Integration user as well as bearer token and not working in both scenario. The main thing is that live and local environment looks fine with same code file and DB setup.

So my concern is that, Is any configuration on server can impact on this?

PHP script:

<?php

function sign($method, $url, $data, $consumerSecret, $tokenSecret)
{
$url = urlEncodeAsZend($url);
$data = urlEncodeAsZend(http_build_query($data, '', '&'));
$data = implode('&', [$method, $url, $data]);
$secret = implode('&', [$consumerSecret, $tokenSecret]);
return base64_encode(hash_hmac('sha256', $data, $secret, true));
}
function urlEncodeAsZend($value)
{
$encoded = rawurlencode($value);
$encoded = str_replace('%7E', '~', $encoded);
return $encoded;
}
// REPLACE WITH YOUR ACTUAL DATA OBTAINED WHILE CREATING NEW INTEGRATION

$consumerKey = 'XXXXXXXXXXXXXXXXXXXXXXXXXXX'; $consumerSecret = 'XXXXXXXXXXXXXXXXXXXXXXXXXXX'; $accessToken = 'XXXXXXXXXXXXXXXXXXXXXXXXXXX'; $accessTokenSecret = 'XXXXXXXXXXXXXXXXXXXXXXXXXXX'; $method = 'GET';
$url = 'http://xxxx.staging.com/rest/V1/orders/38024';

$data = [
'oauth_consumer_key' => $consumerKey,
'oauth_nonce' => md5(uniqid(rand(), true)),
'oauth_signature_method' => 'HMAC-SHA256',
'oauth_timestamp' => time(),
'oauth_token' => $accessToken,
'oauth_version' => '1.0',
];
$data['oauth_signature'] = sign($method, $url, $data, $consumerSecret, $accessTokenSecret);
//print_r($data); $curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $url,
CURLOPT_HTTPHEADER => [
'Authorization: OAuth ' . http_build_query($data, '', ',')
]
]);
$result = curl_exec($curl); $orderData = json_decode($result,true); curl_close($curl);
echo '

';
print_r($result);
echo '
';

?> POSTMAN: enter image description here

Examples

` <?php
function sign($method, $url, $data, $consumerSecret, $tokenSecret)
{
$url = urlEncodeAsZend($url);
$data = urlEncodeAsZend(http_build_query($data, '', '&'));
$data = implode('&', [$method, $url, $data]);
$secret = implode('&', [$consumerSecret, $tokenSecret]);
return base64_encode(hash_hmac('sha256', $data, $secret, true));
}
function urlEncodeAsZend($value)
{
$encoded = rawurlencode($value);
$encoded = str_replace('%7E', '~', $encoded);
return $encoded;
}
// REPLACE WITH YOUR ACTUAL DATA OBTAINED WHILE CREATING NEW INTEGRATION

$consumerKey = 'XXXXXXXXXXXXXXXXXXXXXXXXXXX'; $consumerSecret = 'XXXXXXXXXXXXXXXXXXXXXXXXXXX'; $accessToken = 'XXXXXXXXXXXXXXXXXXXXXXXXXXX'; $accessTokenSecret = 'XXXXXXXXXXXXXXXXXXXXXXXXXXX'; $method = 'GET';
$url = 'http://xxxx.staging.com/rest/V1/orders/38024';

$data = [
'oauth_consumer_key' => $consumerKey,
'oauth_nonce' => md5(uniqid(rand(), true)),
'oauth_signature_method' => 'HMAC-SHA256',
'oauth_timestamp' => time(),
'oauth_token' => $accessToken,
'oauth_version' => '1.0',
];
$data['oauth_signature'] = sign($method, $url, $data, $consumerSecret, $accessTokenSecret);
//print_r($data); $curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $url,
CURLOPT_HTTPHEADER => [
'Authorization: OAuth ' . http_build_query($data, '', ',')
]
]);
$result = curl_exec($curl); $orderData = json_decode($result,true); curl_close($curl);
echo '

';
print_r($result);
echo '
';

?>` I tried it in the PHP script with the Integration user as well as the bearer token and it did not work in both scenarios. The main thing is that the live and local environment looks fine with the same code file and DB setup.

So my concern is that, Is any configuration on server can impact on this?

Proposed solution

No response

Release note

No response

Triage and priority

m2-assistant[bot] commented 4 months ago

Hi @nilaykumardeveloper. Thank you for your report. To speed up processing of this issue, make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, Add a comment to the issue:

m2-assistant[bot] commented 4 months ago

Hi @engcom-Bravo. Thank you for working on this issue. In order to make sure that issue has enough information and ready for development, please read and check the following instruction: :point_down:

engcom-Bravo commented 4 months ago

@magento give me 2.4-develop instance

magento-deployment-service[bot] commented 4 months ago

Hi @engcom-Bravo. Thank you for your request. I'm working on Magento instance for you.

magento-deployment-service[bot] commented 4 months ago

Hi @engcom-Bravo, here is your Magento Instance: https://c323692eebc28d54fed624e12837ba86.instances-prod.magento-community.engineering Admin access: https://c323692eebc28d54fed624e12837ba86.instances-prod.magento-community.engineering/admin_d39d Login: be9e885b Password: c0b1b58ee690

engcom-Bravo commented 4 months ago

Hi @nilaykumardeveloper,

Thank you for reporting and collaboration.

Verified the issue on Magento 2.4-develop instance and the issue is reproducible.Kindly refer the attached screenshots.

Screenshot from 2024-02-07 14-20-35

We have given access for all the resources still we are getting the error.

Hence Confirming the issue.

Thanks.

github-jira-sync-bot commented 4 months ago

:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/AC-10997 is successfully created for this GitHub issue.

m2-assistant[bot] commented 4 months ago

:white_check_mark: Confirmed by @engcom-Bravo. Thank you for verifying the issue.
Issue Available: @engcom-Bravo, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

nilaykumardeveloper commented 4 months ago

Sure! If anyone has any suggestions, please let me know. Your input would be greatly appreciated.

thomas-kl1 commented 4 months ago

Related issue: https://github.com/magento/magento2/issues/36811

WCL-joejones commented 4 months ago

HI Guys

just wondering if theres any time estimation on this?

Kind Regards, Joe

bkuermayr commented 3 months ago

need a fix on this too

siliconalchemy commented 2 months ago

@engcom-Bravo - has there been any internal development on this issue, is there a workaround? It has completely broken integration with Magento for me, it's a really major bug.

luka4 commented 2 months ago

Looks like issue is related to when your storefront URL is not same as your base url at "All Stores View". For me it is still actual for 2.4.6-p4 EE

craig-bartlett commented 1 week ago

Looks like issue is related to when your storefront URL is not same as your base url at "All Stores View". For me it is still actual for 2.4.6-p4 EE

Same for me on 2.4.5-p8 CE. Base URL is fine but storefront URL throws the error.