Good morning everyone! When I'm making a request f...

Payload-Bot

last month

Good morning everyone! When I'm making a request from a third party website, say Webflow, and I want to make it as a logged in user, how would I go about that? I have a user collection that can only be updated by the user themselves, and I have tried passing the token in many forms but I always get access denied.

const response = await fetch(

${url}/api/users/${userId}

, {
        method: 'PATCH',
        headers: {
          "Content-Type": 'application/json',
          "Authorization":

Bearer ${token}

,
          "Cookie":

payload-token=${token}

,
        },
          accept: 'application/json',
          body: body,
          token: token,
         });

Token is the token returned by the login function, that is run right before this fetch

Original message from @shisue - Moved from https://discord.com/channels/967097582721572934/967097582721572937/1166387330605645844 (in #general)

dribbens
Payload Team
last month
Hey @shisue

Try changing the "Authorization" header to
JWT ${token}
instead of
Bearer ${token}
.

I don't think the Cookie is doing anything, could try without that also.
shisue
last month
Like so?

const response = await fetch(
${url}/api/users/${userId}
, { method: 'PATCH', headers: { "Content-Type": 'application/json', "Authorization":
JWT ${token}
, }, accept: 'application/json', body: body, });

That still didn't work

My validation works as follows:

import { Access } from 'payload/config';

export const isAdminOrSelf: Access = ({ req: { user } }) => { // Need to be logged in if (user) { if (user.roles?.includes('admin')) { return true; } // If any other type of user, only provide access to themselves return { id: { equals: user.id, }, }; } // Reject everyone else return false; };

I checked for token and userId both being valid, and I get a proper response back:

{"userId":"6537d55f2611dba8e2ff8d3a","token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRlc3Q0QHRlc3QudGVzdCIsImlkIjoiNjUzN2Q1NWYyNjExZGJhOGUyZmY4ZDNhIiwiY29sbGVjdGlvbiI6InVzZXJzIiwicm9sZXMiOlsidXNlciJdLCJpYXQiOjE2OTgxNTkwNDEsImV4cCI6MTY5ODE2NjI0MX0.rPM5poLd040ZRg9y94osJVOF8_0x9XlRc7f6jhvOm9Y","expiration":1699857207141}
dribbens
Payload Team
last month
Are you getting a CORS error? Requests from another domain need to be explicitly added to the cors array in your config.
shisue
last month
I'm not, I'm just getting the access error

I've already added the webflow domain

I think I migh be onto something, one second

Issue might not be here, but on the login token storage

Also, I've added a payment method a few days ago but the error message of "add a payment method" still appears on the payload website

There we go, it works now. The issue was the storage somehow got lost in the event handler

Thanks!
dribbens
Payload Team
last month
🎉

Open the post

Continue the discussion in Discord

Like what we're doing?
Star us on GitHub!

Star

Connect with the Payload Community on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.