
The consumer isn't authorized to access %resources

Hi,

 

I have Magento 2.3.2 installed on localhost with PHP 7.1.3 on a CentOS 7 distribution. I'm developing an integration with Magento using REST API.

 

I have created an Integration in the Magento store with access to ALL the resources. I also have a user role with access to all the resources, which includes a user.

 

Well, a few days ago, I successfully got the orders of the Magento marketplace from a PHP script using the access token generated when the Integration was created. Like this:

$token = "token";

$ch = curl_init("http://x.x.x.x/index.php/rest/V1/orders?searchCriteria=all");
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "Authorization: Bearer " . json_decode($token)));

$result = curl_exec($ch);

$result = json_decode($result, 1);
var_dump($result);

But now, an error is returned in the response:


array(3) {
["message"]=>
string(51) "The consumer isn't authorized to access %resources."
["parameters"]=>
array(1) {
["resources"]=>
string(27) "Magento_Sales::actions_view"
}
["trace"]=> ...

 

I have tested the request in Postman with the same URL and the same token, and the request works fine and returns the correct response. The same happens if I make a curl request from the command line.

 

I have changed the endpoint request to get products and it returns the existing products in the response:

$token = "token";

$ch = curl_init("http://x.x.x.x/index.php/rest/V1/products?searchCriteria=all");
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "Authorization: Bearer " . json_decode($token)));

$result = curl_exec($ch);

$result = json_decode($result, 1);
var_dump($result);

There are other endpoints, such as customers, that also return the error 'The customer isn't authorized to access %resources', in this case Magento_customers::.

 

I have checked the database table authorization_rule and Magento_Backend::all has permission set to 'allow'.

 

I have tried different options that I found in the forum for the same error but nothing works...

Does anyone have any idea? Thanks in advance!

8 REPLIES 8

Re: The consumer isn't authorized to access %resources

Hi @tury_electro 

 

Make sure that you have assigned the correct admin user role to the admin user, and that in that user role you have given permission to access all nodes.

Go through the link below once:

https://devdocs.magento.com/guides/v2.3/get-started/authentication/gs-authentication-token.html

Verify the user role and authentication token once.


Or maybe your session (auth token) has expired.

You can increase the session lifetime as well.


I hope it will help you!

Re: The consumer isn't authorized to access %resources

Hello @tury_electro,

Please try this link https://magento.stackexchange.com/questions/244602/consumer-is-not-authorized-to-access-resources-ma... .

I hope it will work. If you still face the same issue, please let me know.

If it helps you, please accept it as solution and give kudos.

Regards.

Re: The consumer isn't authorized to access %resources

Hi,

 

Definitely, something happens with the user access resource permissions. I have commented out the line in /var/www/html/magento2/app/code/Magento/Webapi/Controller/Rest/RequestValidator.php where the method checkPermissions() is, and like this the orders API request always works, obviously.

 

If I uncomment that line, using Postman with the Integration access token works perfectly, but if I use the API call through the PHP script I get 'the customer isn't authorized...'.

 

The user role has access to all resources... I have also tried with a new user role with access only to sales resources and it also fails with the same error.

 

I have no idea... any more ideas?
Thanks!

Re: The consumer isn't authorized to access %resources

Hi @tury_electro,

There may be something wrong with the curl parameters, if it is working with Postman.

Try exporting the PHP curl script from Postman for the same request and try once.

It might help you!

Re: The consumer isn't authorized to access %resources

I get it. The token was already decoded and I was using json_decode($token), that returned an incorrect value for the authentication.

 

Thanks!
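The failure resolved above, as an added example that is not part of any post in this thread: `json_decode()` returns `null` for a string that is not valid JSON, so the header goes out as `Authorization: Bearer ` with no credential and the request is no longer evaluated as the Integration. The helper names `normalizeBearerToken()` and `authHeaders()` are hypothetical, the sample tokens are constructed, and the JSON-quoted form assumes a token taken verbatim from a JSON response body.

```php
<?php
declare(strict_types=1);

// Accepts a token either raw (as copied from the Integration screen) or
// JSON-quoted (a JSON response body) and returns the bare token.
function normalizeBearerToken(string $token): string
{
    $token = trim($token);

    // Decode only when the value really is a JSON-quoted string.
    if (strlen($token) >= 2 && $token[0] === '"' && substr($token, -1) === '"') {
        $decoded = json_decode($token);
        if (!is_string($decoded)) {
            throw new InvalidArgumentException('token is not a valid JSON string');
        }
        $token = $decoded;
    }

    // Fail locally instead of sending "Bearer " with nothing after it.
    // Assumption: a usable token is printable ASCII without whitespace.
    if (preg_match('/^[\x21-\x7E]+$/', $token) !== 1) {
        throw new InvalidArgumentException('token is empty or malformed');
    }
    return $token;
}

function authHeaders(string $token): array
{
    return ['Accept: application/json',
            'Authorization: Bearer ' . normalizeBearerToken($token)];
}

// Constructed sample values, not real credentials.
$raw    = 'k3x9constructedsampletoken0000000';
$quoted = '"k3x9constructedsampletoken0000000"';

// The thread's bug: decoding a raw token silently drops the credential.
$broken = 'Authorization: Bearer ' . json_decode($raw);
printf("broken header: [%s] (%s)\n", $broken, json_last_error_msg());

// Raw and JSON-quoted input normalise to the same header list.
var_dump(authHeaders($raw) === authHeaders($quoted));

// An empty token is rejected before any request is made.
try {
    authHeaders('');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The returned array can be passed directly as the `CURLOPT_HTTPHEADER` value in the script from the first post.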

Re: The consumer isn't authorized to access %resources

Hi @tury_electro,

Great... Glad to know that... How did you figure it out?

Re: The consumer isn't authorized to access %resources

{
    "message": "The consumer isn't authorized to access %resources.",
    "parameters": {
        "resources": "Magento_Sales::actions_view"
    }
}
 
 
Hi, I am facing a magento_sales API issue. Could you please help me with this?

Re: The consumer isn't authorized to access %resources

Hi @tury_electro 

You need to check your token; maybe your token has expired and that's why it is showing you "The consumer isn't authorized to access".

Just create a new token and pass it to your script. Or call an API to create an access token each time you run the script.

 

I hope this will resolve your problem.