medusajs / medusa

Building blocks for digital commerce
https://medusajs.com
MIT License

Route auth/vendor/emailpass returns jwtToken regardless of the email I pass in #8634

Closed renanboni closed 2 weeks ago

renanboni commented 4 weeks ago

Bug report

Describe the bug

Following the marketplace recipe (https://docs.medusajs.com/v2/resources/recipes/marketplace/examples/vendors) to the point where we have to authenticate the vendor (I don't get how we can authenticate it if it hasn't been created yet) using the following endpoint:

http://localhost:9000/auth/vendor/emailpass

{
    "email": "admin@medusa.com",
    "password": "supersecret"
}

It doesn't matter what email I pass in, as long as the password is "supersecret" then a jwtToken will be returned.

There are no users in the database that match that email.

System information

Medusa version: 2.0.4 - preview

Steps to reproduce the behavior

Make a POST request to the following endpoint http://localhost:9000/auth/vendor/emailpass and observe that it returns a jwtToken regardless of the email.

Screenshots

[Screenshot: 2024-08-16 at 21:55:29]

Additional context

I don't know if the recipe tutorial is up to date; if not, that might be the reason.

BJR-developer commented 3 weeks ago

I got the same issue! Even if I use the JWT token as Authorization Bearer "jwt_token" for creating a product or any kind of authorization related to vendors, it's not working! It's saying {message:"Unauthorized"}

renanboni commented 3 weeks ago

I now understand the use of the auth_identity table. However, when the create admin workflow is called:

await createVendorAdminWorkflow(req.scope)
        .run({
            input: {
                admin: {
                    ...admin,
                    vendor_id: vendor[0].id,
                },
                authIdentityId: req.auth_context.auth_identity_id,
            },
        })

auth_identity_id is null.

An error is thrown, but the vendor is still added to the database (the vendor_admin is not).

sradevski commented 3 weeks ago

Hey all, we currently have a bit of unexpected behavior, where if an auth identity doesn't exist we try to create it, even if you go through the login page. We will be cleaning up the UX around this very soon.

olivermrbl commented 2 weeks ago

The auth APIs changed in #8683. See PR description.