[Bug]: API request with x-medusa-access-token header always returns Unauthorized #10691

Open
amunrarara opened this issue Dec 21, 2024 · 3 comments


@amunrarara

Package.json file

{
  "name": "medusa-starter-default",
  "version": "0.0.1",
  "description": "A starter for Medusa projects.",
  "author": "Medusa (https://medusajs.com)",
  "license": "MIT",
  "keywords": [
    "sqlite",
    "postgres",
    "typescript",
    "ecommerce",
    "headless",
    "medusa"
  ],
  "scripts": {
    "build": "medusa build",
    "seed": "medusa exec ./src/scripts/seed.ts",
    "start": "medusa start",
    "dev": "medusa develop",
    "test:integration:http": "TEST_TYPE=integration:http NODE_OPTIONS=--experimental-vm-modules jest --silent=false --runInBand --forceExit",
    "test:integration:modules": "TEST_TYPE=integration:modules NODE_OPTIONS=--experimental-vm-modules jest --silent --runInBand --forceExit",
    "test:unit": "TEST_TYPE=unit NODE_OPTIONS=--experimental-vm-modules jest --silent --runInBand --forceExit"
  },
  "dependencies": {
    "@medusajs/admin-sdk": "2.1.2",
    "@medusajs/cli": "2.1.2",
    "@medusajs/framework": "2.1.2",
    "@medusajs/medusa": "2.1.2",
    "@mikro-orm/core": "5.9.7",
    "@mikro-orm/knex": "5.9.7",
    "@mikro-orm/migrations": "5.9.7",
    "@mikro-orm/postgresql": "5.9.7",
    "@nostrify/nostrify": "npm:@jsr/nostrify__nostrify",
    "awilix": "^8.0.1",
    "nostr-tools": "^2.10.4",
    "pg": "^8.13.0",
    "ws": "^8.18.0"
  },
  "devDependencies": {
    "@medusajs/test-utils": "2.1.2",
    "@mikro-orm/cli": "5.9.7",
    "@swc/core": "1.5.7",
    "@swc/jest": "^0.2.36",
    "@types/jest": "^29.5.13",
    "@types/node": "^20.0.0",
    "@types/react": "^18.3.2",
    "@types/react-dom": "^18.2.25",
    "@types/ws": "^8.5.13",
    "jest": "^29.7.0",
    "prop-types": "^15.8.1",
    "react": "^18.2.0",
    "react-dom": "^18.2.0",
    "ts-node": "^10.9.2",
    "typescript": "^5.6.2",
    "vite": "^5.2.11"
  },
  "engines": {
    "node": ">=20"
  }
}

Node.js version

v20.10.0

Database and its version

PostgreSQL (default with npx create-medusa-app@latest on 12/17/24)

Operating system name and version

MacOS Sonoma 14.5 (23F79)

Browser name

Arc

What happened?

The API Keys that I generate via the Medusa Admin web app do not authorize my Admin API requests.

Expected behavior

❯ curl --request GET \
  --url http://localhost:9000/admin/custom \
  --header 'x-medusa-access-token: REDACTED'

Should respond 200

Actual behavior

❯ curl --request GET \
  --url http://localhost:9000/admin/custom \
  --header 'x-medusa-access-token: REDACTED'

{"message":"Unauthorized"}%

Link to reproduction repo

https://github.com/amunrarara/medusa-auth-header-bug

@acandael

I'm having kind of the same issue here. I'm following along with the Medusa tutorial in the docs. I'm at the stage where a brand is added via curl.
When I execute the curl command, I get a {"message": "Unauthorized"} response:

curl -X POST 'http://localhost:9000/admin/brands' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY3Rvcl9pZCI6InVzZXJfMDFKRlBZUFpZU1kySkhWQ0g2TTY3Q1RXMTEiLCJhY3Rvcl90eXBlIjoidXNlciIsImF1dGhfaWRlbnRpdHlfaWQiOiJhdXRoaWRfMDFKRlBZUTAwWTY5OFFaU1k2WUc4WFQ1UE0iLCJhcHBfbWV0YWRhdGEiOnsidXNlcl9pZCI6InVzZXJfMDFKRlBZUFpZU1kySkhWQ0g2TTY3Q1RXMTEifSwiaWF0IjoxNzM0ODgwNjU5LCJleHAiOjE3MzQ5NjcwNTl9.-FPoOpoTq2C1z4u9Pk6wZja_NnBADU-Twx-ihOtvAtY"}' \
--data '{
"name": "Acme"
}'
{"message":"Unauthorized"}%

@matteoxplo
Contributor

matteoxplo commented Dec 23, 2024

> I'm having kind of the same issue here. I'm following along with the Medusa tutorial in the docs. I'm at the stage where a brand is added via curl. When I execute the curl command, I get a {"message": "Unauthorized"} response:
>
> curl -X POST 'http://localhost:9000/admin/brands' -H 'Content-Type: application/json' -H 'Authorization: Bearer {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY3Rvcl9pZCI6InVzZXJfMDFKRlBZUFpZU1kySkhWQ0g2TTY3Q1RXMTEiLCJhY3Rvcl90eXBlIjoidXNlciIsImF1dGhfaWRlbnRpdHlfaWQiOiJhdXRoaWRfMDFKRlBZUTAwWTY5OFFaU1k2WUc4WFQ1UE0iLCJhcHBfbWV0YWRhdGEiOnsidXNlcl9pZCI6InVzZXJfMDFKRlBZUFpZU1kySkhWQ0g2TTY3Q1RXMTEifSwiaWF0IjoxNzM0ODgwNjU5LCJleHAiOjE3MzQ5NjcwNTl9.-FPoOpoTq2C1z4u9Pk6wZja_NnBADU-Twx-ihOtvAtY"}' --data '{ "name": "Acme" }' {"message":"Unauthorized"}%

You need to use only the token in the header, without " or {}.
e.g.

curl -X POST 'http://localhost:9000/admin/brands' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY3Rvcl9pZCI6InVzZXJfMDFKRlBZUFpZU1kySkhWQ0g2TTY3Q1RXMTEiLCJhY3Rvcl90eXBlIjoidXNlciIsImF1dGhfaWRlbnRpdHlfaWQiOiJhdXRoaWRfMDFKRlBZUTAwWTY5OFFaU1k2WUc4WFQ1UE0iLCJhcHBfbWV0YWRhdGEiOnsidXNlcl9pZCI6InVzZXJfMDFKRlBZUFpZU1kySkhWQ0g2TTY3Q1RXMTEifSwiaWF0IjoxNzM0ODgwNjU5LCJleHAiOjE3MzQ5NjcwNTl9.-FPoOpoTq2C1z4u9Pk6wZja_NnBADU-Twx-ihOtvAtY' \
--data '{
"name": "Acme"
}'
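
A client-side pre-flight check for the header mistake discussed in the comments above, as an added example that is not part of the thread or of Medusa's code. It accepts a raw token or a pasted `{"token": ...}` body, rejects values with leftover `"` or `}` characters, and checks the standard `exp` claim; the function names and the sample token are constructed for this example.

```javascript
// Added example: turn a pasted credential into a clean Authorization header value.
// makeSampleJwt builds a constructed, unsigned token (placeholder signature).
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

function makeSampleJwt(expSeconds) {
  return [
    b64url({ alg: "HS256", typ: "JWT" }),
    b64url({ actor_type: "user", iat: expSeconds - 86400, exp: expSeconds }),
    "c2lnbmF0dXJl", // placeholder, not a real signature
  ].join(".");
}

// Hypothetical helper: strip a "Bearer " prefix, a JSON wrapper and stray quotes.
function extractToken(pasted) {
  let s = String(pasted).trim().replace(/^Bearer\s+/i, "");
  if (s.startsWith("{")) {
    // The whole JSON body was pasted, e.g. {"token":"eyJ..."}
    const body = JSON.parse(s);
    if (typeof body.token !== "string") throw new Error("no token field in JSON body");
    s = body.token;
  }
  return s.replace(/^["']+|["']+$/g, "");
}

// Hypothetical helper: validate the compact JWT shape and expiry before sending.
function bearerHeader(pasted, nowSeconds = Math.floor(Date.now() / 1000)) {
  const token = extractToken(pasted);
  const parts = token.split(".");
  if (parts.length !== 3 || !parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error("not a compact JWT: expected three base64url segments");
  }
  const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (typeof payload.exp === "number" && payload.exp <= nowSeconds) {
    throw new Error("token expired at " + new Date(payload.exp * 1000).toISOString());
  }
  return "Bearer " + token;
}
```

This only checks the shape and expiry of the value on the client; whether the server accepts the token is still decided by the server.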

@shahednasser
Member

> The API Keys that I generate via the Medusa Admin web app

Hello, can you specify exactly how you created this api key?
