Good morning everyone! When I'm making a request f...

Payload-Bot
last month
5

Good morning everyone! When I'm making a request from a third party website, say Webflow, and I want to make it as a logged in user, how would I go about that? I have a user collection that can only be updated by the user themselves, and I have tried passing the token in many forms but I always get access denied.



const response = await fetch(`${url}/api/users/${userId}`, {
  method: 'PATCH',
  headers: {
    "Content-Type": 'application/json',
    "Authorization": `Bearer ${token}`,
    "Cookie": `payload-token=${token}`,
  },
  accept: 'application/json',
  body: body,
  token: token,
});

Token is the token returned by the login function, that is run right before this fetch



Original message from @shisue - Moved from https://discord.com/channels/967097582721572934/967097582721572937/1166387330605645844 (in #general)
  • dribbens
    Payload Team
    last month

    Hey @shisue


    Try changing the "Authorization" header to `JWT ${token}` instead of `Bearer ${token}`.



    I don't think the Cookie is doing anything, could try without that also.

  • shisue
    last month

    Like so?



    const response = await fetch(`${url}/api/users/${userId}`, {
      method: 'PATCH',
      headers: {
        "Content-Type": 'application/json',
        "Authorization": `JWT ${token}`,
      },
      accept: 'application/json',
      body: body,
    });

    That still didn't work



    My validation works as follows:



    import { Access } from 'payload/config';

    export const isAdminOrSelf: Access = ({ req: { user } }) => {
      // Need to be logged in
      if (user) {
        if (user.roles?.includes('admin')) {
          return true;
        }
        // If any other type of user, only provide access to themselves
        return {
          id: {
            equals: user.id,
          },
        };
      }
      // Reject everyone else
      return false;
    };


    I checked for token and userId both being valid, and I get a proper response back:



    {"userId":"6537d55f2611dba8e2ff8d3a","token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRlc3Q0QHRlc3QudGVzdCIsImlkIjoiNjUzN2Q1NWYyNjExZGJhOGUyZmY4ZDNhIiwiY29sbGVjdGlvbiI6InVzZXJzIiwicm9sZXMiOlsidXNlciJdLCJpYXQiOjE2OTgxNTkwNDEsImV4cCI6MTY5ODE2NjI0MX0.rPM5poLd040ZRg9y94osJVOF8_0x9XlRc7f6jhvOm9Y","expiration":1699857207141}
  • dribbens
    Payload Team
    last month

    Are you getting a CORS error? Requests from another domain need to be explicitly added to the cors array in your config.

  • shisue
    last month

    I'm not, I'm just getting the access error





    I've already added the webflow domain



    I think I might be onto something, one second



    Issue might not be here, but on the login token storage



    Also, I've added a payment method a few days ago but the error message of "add a payment method" still appears on the payload website



    There we go, it works now. The issue was the storage somehow got lost in the event handler



    Thanks!

  • discord user avatar
    dribbens
    Payload Team
    last month

    🎉
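
The failure mode the thread ends on, as an added example that is not part of the original thread or Payload's own code: when the stored token is lost before the request, no user reaches the `isAdminOrSelf` rule posted above, so it returns `false` whatever the header format. `preflight`, `wouldAllowPatch`, `makeToken` and the sample claims are hypothetical and constructed; the server stand-in skips signature verification and only mirrors the rule's three outcomes.

```javascript
// Added example. Access rule copied from the thread, types removed.
const isAdminOrSelf = ({ req: { user } }) => {
  if (user) {
    if (user.roles?.includes('admin')) return true;
    return { id: { equals: user.id } }; // non-admins: only their own document
  }
  return false; // no authenticated user on the request
};

// Constructed sample token: real JWT layout, placeholder signature (never verified here).
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const makeToken = (claims) =>
  `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(claims)}.constructed-signature`;

// Client-side diagnostic only: read the claims without trusting them.
function decodeClaims(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Hypothetical pre-flight check to run right before the PATCH.
function preflight(token, userId, nowSeconds) {
  const claims = decodeClaims(token);
  if (!claims) return 'no-token'; // e.g. the stored value was lost, as in the thread
  if (claims.exp <= nowSeconds) return 'expired';
  if (claims.id !== userId) return 'id-mismatch';
  return 'ok';
}

// Simplified stand-in for the server: a usable token yields req.user, then the
// access result (boolean or id constraint) is checked against the target id.
function wouldAllowPatch(token, targetId, nowSeconds) {
  const claims = decodeClaims(token);
  const user = claims && claims.exp > nowSeconds ? claims : undefined;
  const result = isAdminOrSelf({ req: { user } });
  return typeof result === 'boolean' ? result : result.id.equals === targetId;
}

const NOW = 1700000000; // constructed clock value, seconds
const userToken = makeToken({ id: 'user-1', roles: ['user'], exp: NOW + 3600 });
const adminToken = makeToken({ id: 'admin-1', roles: ['admin'], exp: NOW + 3600 });
```

Running `preflight` in the event handler that sends the request shows whether the token actually survived from login to that point before the server ever answers with an access error.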
