Good morning everyone! When I'm making a request from a third party website, say Webflow, and I want to make it as a logged in user, how would I go about that? I have a user collection that can only be updated by the user themselves, and I have tried passing the token in many forms but I always get access denied.
const response = await fetch(`${url}/api/users/${userId}`, {
  method: 'PATCH',
  headers: {
    "Content-Type": 'application/json',
    "Authorization": `Bearer ${token}`,
    "Cookie": `payload-token=${token}`,
  },
  accept: 'application/json',
  body: body,
  token: token,
});
Token is the token returned by the login function, that is run right before this fetch
Hey @shisue
Try changing the "Authorization" header to `JWT ${token}` instead of `Bearer ${token}`.
I don't think the Cookie is doing anything, could try without that also.
Like so?
const response = await fetch(`${url}/api/users/${userId}`, {
  method: 'PATCH',
  headers: {
    "Content-Type": 'application/json',
    "Authorization": `JWT ${token}`,
  },
  accept: 'application/json',
  body: body,
});
That still didn't work
My validation works as follows:
import { Access } from 'payload/config';

export const isAdminOrSelf: Access = ({ req: { user } }) => {
  // Need to be logged in
  if (user) {
    if (user.roles?.includes('admin')) {
      return true;
    }
    // If any other type of user, only provide access to themselves
    return {
      id: {
        equals: user.id,
      },
    };
  }
  // Reject everyone else
  return false;
};
I checked for token and userId both being valid, and I get a proper response back:
{"userId":"6537d55f2611dba8e2ff8d3a","token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRlc3Q0QHRlc3QudGVzdCIsImlkIjoiNjUzN2Q1NWYyNjExZGJhOGUyZmY4ZDNhIiwiY29sbGVjdGlvbiI6InVzZXJzIiwicm9sZXMiOlsidXNlciJdLCJpYXQiOjE2OTgxNTkwNDEsImV4cCI6MTY5ODE2NjI0MX0.rPM5poLd040ZRg9y94osJVOF8_0x9XlRc7f6jhvOm9Y","expiration":1699857207141}
Are you getting a CORS error? Requests from another domain need to be explicitly added to the cors array in your config.
I'm not, I'm just getting the access error
I've already added the webflow domain
I think I might be onto something, one second
Issue might not be here, but on the login token storage
Also, I've added a payment method a few days ago but the error message of "add a payment method" still appears on the payload website
There we go, it works now. The issue was the storage somehow got lost in the event handler
Thanks!
🎉