prismicio / javascript-jquery-starter

Starter project for JavaScript & JQuery – Works with any prismic.io repository
http://developers.prismic.io

Problem specifying accessToken in prismic-configuration.js #8

Closed ashelley closed 10 years ago

ashelley commented 10 years ago

Specifying the accessToken in prismic-configuration.js has no effect.

To enable this app to use your permanent access_token, you have to specify it in the apiEndpoint URL manually.

For example:

var Configuration = {
  // -- API endpoint
  apiEndpoint: 'https://rtashelley.prismic.io/api',

  // -- Access token if the Master is not open
  accessToken: 'myaccesstoken',
....

accessToken in the above configuration is never used by the code.

If you specify it like this:

var Configuration = {
  // -- API endpoint
  apiEndpoint: 'https://rtashelley.prismic.io/api?access_token=myaccesstoken',

  // -- Access token if the Master is not open
  //accessToken: 'notused',
....

this works and enables you to use your repository.

The reason for this is that in prismic-helpers.js it never uses the accessToken variable from the configuration. See this code:

        getApiHome: function(callback) {
            Prismic.Api(Configuration.apiEndpoint, callback, sessionStorage.getItem('ACCESS_TOKEN'));
        },

Note that the access token from the configuration isn't the access token in the session storage. For this code to work it would need to look something like:

        getApiHome: function(callback) {
            var url = Configuration.apiEndpoint;
            if(Configuration.accessToken) {
                url += "?access_token=" + Configuration.accessToken;
            }
            Prismic.Api(url, callback, sessionStorage.getItem('ACCESS_TOKEN'));
        },

srenault commented 10 years ago

In fact, using a permanent access token on the client side isn't secure at all. That's why we don't have to allow it. Instead, we provide another OAuth process to generate a temporary access token from a client_id.
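
A pre-deploy check for the two placements discussed in this thread, as an added example that is not part of the issue or of the starter project: it flags a long-lived token that would ship to every browser, whether set as `accessToken` or appended to `apiEndpoint` as `access_token`. The function name `auditClientConfig`, the finding labels and the sample objects are assumptions constructed for illustration.

```javascript
// Added example (not project code): audit a client-side Configuration object,
// shaped like the one in prismic-configuration.js above, for an embedded token.
// auditClientConfig and the issue labels are hypothetical names.
function auditClientConfig(config) {
  const findings = [];

  // Case 1: token set as a plain property of the config shipped to the browser.
  if (typeof config.accessToken === 'string' && config.accessToken.trim() !== '') {
    findings.push({ field: 'accessToken', issue: 'token-in-config' });
  }

  // Case 2: token appended to the endpoint URL as a query parameter.
  let endpoint;
  try {
    endpoint = new URL(config.apiEndpoint);
  } catch (e) {
    findings.push({ field: 'apiEndpoint', issue: 'invalid-url' });
    return { ok: false, findings, safeEndpoint: null };
  }
  if (endpoint.searchParams.has('access_token')) {
    findings.push({ field: 'apiEndpoint', issue: 'token-in-url' });
    endpoint.searchParams.delete('access_token');
  }

  // safeEndpoint is the endpoint with any token stripped, suitable for logs.
  return { ok: findings.length === 0, findings, safeEndpoint: endpoint.toString() };
}

// Constructed samples mirroring the two configurations quoted in the issue,
// plus a clean one that relies on a session token obtained at runtime.
const SAMPLES = [
  { apiEndpoint: 'https://rtashelley.prismic.io/api', accessToken: 'myaccesstoken' },
  { apiEndpoint: 'https://rtashelley.prismic.io/api?access_token=myaccesstoken' },
  { apiEndpoint: 'https://rtashelley.prismic.io/api' }
];

for (const sample of SAMPLES) {
  const report = auditClientConfig(sample);
  const issues = report.findings.map(function (f) { return f.issue; }).join(', ');
  console.log(report.safeEndpoint, report.ok ? 'OK' : 'FAIL: ' + issues);
}
```
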