medusajs / medusa

The world's most flexible commerce platform.
https://medusajs.com
MIT License

[Bug]: For Jwt auth #10240

Closed hans642 closed 1 week ago

hans642 commented 1 week ago

Package.json file

{
  "name": "medusa-starter-default",
  "version": "0.0.1",
  "description": "A starter for Medusa projects.",
  "author": "Medusa (https://medusajs.com)",
  "license": "MIT",
  "keywords": [
    "sqlite",
    "postgres",
    "typescript",
    "ecommerce",
    "headless",
    "medusa"
  ],
  "scripts": {
    "build": "medusa build",
    "seed": "medusa exec ./src/scripts/seed.ts",
    "start": "medusa start",
    "dev": "medusa develop",
    "test:integration:http": "TEST_TYPE=integration:http NODE_OPTIONS=--experimental-vm-modules jest --silent=false --runInBand --forceExit",
    "test:integration:modules": "TEST_TYPE=integration:modules NODE_OPTIONS=--experimental-vm-modules jest --silent --runInBand --forceExit",
    "test:unit": "TEST_TYPE=unit NODE_OPTIONS=--experimental-vm-modules jest --silent --runInBand --forceExit"
  },
  "dependencies": {
    "@medusajs/admin-sdk": "latest",
    "@medusajs/cli": "latest",
    "@medusajs/framework": "latest",
    "@medusajs/medusa": "latest",
    "@mikro-orm/core": "5.9.7",
    "@mikro-orm/knex": "5.9.7",
    "@mikro-orm/migrations": "5.9.7",
    "@mikro-orm/postgresql": "5.9.7",
    "awilix": "^8.0.1",
    "pg": "^8.13.0",
    "liquidjs": "^10.17.0"
  },
  "devDependencies": {
    "@medusajs/test-utils": "latest",
    "@mikro-orm/cli": "5.9.7",
    "@swc/core": "1.5.7",
    "@swc/jest": "^0.2.36",
    "@types/jest": "^29.5.13",
    "@types/node": "^20.0.0",
    "@types/react": "^18.3.2",
    "@types/react-dom": "^18.2.25",
    "jest": "^29.7.0",
    "prop-types": "^15.8.1",
    "react": "^18.2.0",
    "react-dom": "^18.2.0",
    "ts-node": "^10.9.2",
    "typescript": "^5.6.2",
    "vite": "^5.2.11"
  },
  "engines": {
    "node": ">=20"
  }
}

Node.js version

v20.15.1

Database and its version

16.4

Operating system name and version

macOS 15.1

Browser name

No response

What happened?

When I use auth to get a token and then use this token to get info, it will show Unauthorized

➜  ~ curl -X POST 'http://localhost:9000/auth/customer/emailpass' \
-H 'Content-Type: application/json' \
-d '{
  "email": "test@example.com",
  "password": "password"
}'
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY3Rvcl9pZCI6IiIsImFjdG9yX3R5cGUiOiJjdXN0b21lciIsImF1dGhfaWRlbnRpdHlfaWQiOiJhdXRoaWRfMDFKREJEOVFYV1A0NjVYVFEwTUhUTlRCRFYiLCJhcHBfbWV0YWRhdGEiOnt9LCJpYXQiOjE3MzIzMzU2MjMsImV4cCI6MTczMjQyMjAyM30.SHaAkdWdaN2ZzfksEwOBS8L6UdqHCrO2PPsU3cRmBHM"}
➜  ~ curl -X GET 'http://localhost:9000/store/customers/me' \
-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY3Rvcl9pZCI6IiIsImFjdG9yX3R5cGUiOiJjdXN0b21lciIsImF1dGhfaWRlbnRpdHlfaWQiOiJhdXRoaWRfMDFKREJEOVFYV1A0NjVYVFEwTUhUTlRCRFYiLCJhcHBfbWV0YWRhdGEiOnt9LCJpYXQiOjE3MzIzMzU2MjMsImV4cCI6MTczMjQyMjAyM30.SHaAkdWdaN2ZzfksEwOBS8L6UdqHCrO2PPsU3cRmBHM' \
-H 'x-publishable-api-key: pk_c53a66992bcfe0627544163a90d6380b5eb56aca78cff77d1499a638c5f26c13'
{"message":"Unauthorized"}

Please help check; reference: https://docs.medusajs.com/api/store#authentication

Expected behavior

Can get correct info

Actual behavior

Will show Unauthorized

Link to reproduction repo

medusa(v2)

olivermrbl commented 1 week ago

@hans642, just to be sure, your credentials match a registered customer right?

hans642 commented 1 week ago

@hans642, just to be sure, your credentials match a registered customer right?

Yes, using email and password can get the token, so the credentials are matched

olivermrbl commented 1 week ago

use email and password can get the token, so credentials is matched

You'll receive a token if the credentials match any identity, but that doesn't necessarily mean you have access to all authenticated endpoints. The identity needs to be associated with the correct actor.

For example, if you are signed up as a user with these credentials, you will still receive a 200 + token when you call: POST 'http://localhost:9000/auth/customer/emailpass', but you won't be able to use the token to authenticate as a customer.

Can I get you to ensure your credentials match a customer, not a user?

hans642 commented 1 week ago

use email and password can get the token, so credentials is matched

You'll receive a token if the credentials match any identity, but that doesn't necessarily mean you have access to all authenticated endpoints. The identity needs to be associated with the correct actor.

For example, if you are signed up as a user with these credentials, you will still receive a 200 + token when you call: POST 'http://localhost:9000/auth/customer/emailpass', but you won't be able to use the token to authenticate as a customer.

Can I get you to ensure your credentials match a customer, not a user?

Thank you very much, I think I found the root cause: a user or a customer will both return a token, but the token info is different. Here is a user, with no actor_id and customer_id:

{
  "actor_id": "",
  "actor_type": "customer",
  "auth_identity_id": "authid_01JDBD9QXWP465XTQ0MHTNTBDV",
  "app_metadata": {},
  "iat": 1732335623,
  "exp": 1732422023
}

Here is a customer:

{
  "actor_id": "cus_01JDHFF3YDHW9754Z7VMT9YM29",
  "actor_type": "customer",
  "auth_identity_id": "authid_01JDHFDVB55G4AXSDVSFTHRWX2",
  "app_metadata": {
    "customer_id": "cus_01JDHFF3YDHW9754Z7VMT9YM29"
  },
  "iat": 1732532263,
  "exp": 1732618663
}

May I know, if a user is already recorded in the database and the user doesn't know the token, how to become a customer?

olivermrbl commented 1 week ago

May I know, if a user is already recorded in the database and the user doesn't know the token, how to become a customer?

It depends on the flow, but in the scenario where you are registered as a user and want to use the same identity as a customer, you would do:

Authenticate

POST /auth/customer/emailpass
{ ...credentials }

Create customer

POST /store/customers
{ email: "..." }
{ authorization: Bearer ... }
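Added diagnostic helper, not Medusa's own code and not posted by anyone in this thread: it decodes the payload of the token from the curl output above and classifies it by the difference between the two pasted payloads, so an integrator can tell an unlinked identity token (which still needs the POST /store/customers step described just above) from a customer token before calling /store/customers/me. The signature is not verified here (only the server can do that with its JWT secret); `encodeUnverifiedSample` and its placeholder signature are constructed for local experimentation only.

```javascript
// Decode the payload segment of a compact JWT. No signature verification:
// this is a read-only look at the claims, useful for diagnosing 401s.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("expected a 3-part compact JWT");
  // JWT segments are unpadded base64url; Node's Buffer decodes that directly.
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// "customer": usable on /store/customers/*; "unlinked": valid identity but no
// customer actor yet (the case in this issue); "expired"/"other" otherwise.
// `now` (seconds since epoch) is injectable so the check is reproducible.
function classifyStoreToken(token, now = Math.floor(Date.now() / 1000)) {
  const p = decodeJwtPayload(token);
  if (typeof p.exp === "number" && p.exp <= now) return "expired";
  if (p.actor_type !== "customer") return "other";
  const linked =
    typeof p.actor_id === "string" && p.actor_id.length > 0 &&
    p.app_metadata && p.app_metadata.customer_id === p.actor_id;
  return linked ? "customer" : "unlinked";
}

// Builds a token-shaped string from a payload for local experiments only.
// The signature part is a placeholder, so a server will reject it; it exists
// so constructed payloads can go through the same decode path.
function encodeUnverifiedSample(payload) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${b64({ alg: "HS256", typ: "JWT" })}.${b64(payload)}.placeholder`;
}

// Token copied from the issue's curl output (identity with no customer actor).
const TOKEN_FROM_ISSUE =
  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY3Rvcl9pZCI6IiIsImFjdG9yX3R5cGUiOiJjdXN0b21lciIsImF1dGhfaWRlbnRpdHlfaWQiOiJhdXRoaWRfMDFKREJEOVFYV1A0NjVYVFEwTUhUTlRCRFYiLCJhcHBfbWV0YWRhdGEiOnt9LCJpYXQiOjE3MzIzMzU2MjMsImV4cCI6MTczMjQyMjAyM30.SHaAkdWdaN2ZzfksEwOBS8L6UdqHCrO2PPsU3cRmBHM";

// Payload of the working customer token pasted later in the thread
// (constructed sample object built from those values).
const CUSTOMER_PAYLOAD = {
  actor_id: "cus_01JDHFF3YDHW9754Z7VMT9YM29",
  actor_type: "customer",
  auth_identity_id: "authid_01JDHFDVB55G4AXSDVSFTHRWX2",
  app_metadata: { customer_id: "cus_01JDHFF3YDHW9754Z7VMT9YM29" },
  iat: 1732532263,
  exp: 1732618663,
};

console.log(classifyStoreToken(TOKEN_FROM_ISSUE, 1732335700)); // unlinked
console.log(classifyStoreToken(encodeUnverifiedSample(CUSTOMER_PAYLOAD), 1732532300)); // customer
```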