Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

The consumer isn’t authorized to access %resources. Magento 2.4.5-p1 on staging environment

by |Published

In the testing environment, it gives below errors,

{
"message": "The consumer isn't authorized to access %resources.",
"parameters": {
    "resources": "Magento_Sales::actions_view"
},
"trace": "#0 /var/www/html/vendor/magento/module-webapi/Controller/Rest/RequestValidator.php(68): Magento\Webapi\Controller\Rest\RequestValidator->checkPermissions()n#1 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(58): Magento\Webapi\Controller\Rest\RequestValidator->validate()n#2 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(138): Magento\Webapi\Controller\Rest\RequestValidator\Interceptor->___callParent('validate', Array)n#3 /var/www/html/vendor/paypal/module-braintree-core/Plugin/RestValidationPlugin.php(86): Magento\Webapi\Controller\Rest\RequestValidator\Interceptor->Magento\Framework\Interception\{closure}()n#4 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(135): PayPal\Braintree\Plugin\RestValidationPlugin->aroundValidate(Object(Magento\Webapi\Controller\Rest\RequestValidator\Interceptor), Object(Closure))n#5 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(153): Magento\Webapi\Controller\Rest\RequestValidator\Interceptor->Magento\Framework\Interception\{closure}()n#6 /var/www/html/generated/code/Magento/Webapi/Controller/Rest/RequestValidator/Interceptor.php(23): Magento\Webapi\Controller\Rest\RequestValidator\Interceptor->___callPlugins('validate', Array, NULL)n#7 /var/www/html/vendor/magento/module-webapi/Controller/Rest/InputParamsResolver.php(108): Magento\Webapi\Controller\Rest\RequestValidator\Interceptor->validate()n#8 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(58): Magento\Webapi\Controller\Rest\InputParamsResolver->resolve()n#9 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(138): Magento\Webapi\Controller\Rest\InputParamsResolver\Interceptor->___callParent('resolve', Array)n#10 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(153): Magento\Webapi\Controller\Rest\InputParamsResolver\Interceptor->Magento\Framework\Interception\{closure}()n#11 /var/www/html/generated/code/Magento/Webapi/Controller/Rest/InputParamsResolver/Interceptor.php(23): Magento\Webapi\Controller\Rest\InputParamsResolver\Interceptor->___callPlugins('resolve', Array, Array)n#12 /var/www/html/vendor/magento/module-webapi/Controller/Rest/SynchronousRequestProcessor.php(85): Magento\Webapi\Controller\Rest\InputParamsResolver\Interceptor->resolve()n#13 /var/www/html/vendor/magento/module-webapi/Controller/Rest.php(195): Magento\Webapi\Controller\Rest\SynchronousRequestProcessor->process(Object(Magento\Framework\Webapi\Rest\Request\Proxy))n#14 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(58): Magento\Webapi\Controller\Rest->dispatch(Object(Magento\Framework\App\Request\Http))n#15 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(138): Magento\Webapi\Controller\Rest\Interceptor->___callParent('dispatch', Array)n#16 /var/www/html/vendor/magento/framework/Interception/Interceptor.php(153): Magento\Webapi\Controller\Rest\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Request\Http))n#17 /var/www/html/generated/code/Magento/Webapi/Controller/Rest/Interceptor.php(23): Magento\Webapi\Controller\Rest\Interceptor->___callPlugins('dispatch', Array, Array)n#18 /var/www/html/vendor/magento/framework/App/Http.php(116): Magento\Webapi\Controller\Rest\Interceptor->dispatch(Object(Magento\Framework\App\Request\Http))n#19 /var/www/html/vendor/magento/framework/App/Bootstrap.php(264): Magento\Framework\App\Http->launch()n#20 /var/www/html/pub/index.php(30): Magento\Framework\App\Bootstrap->run(Object(Magento\Framework\App\Http\Interceptor))n#21 {main}"

}

Its already Yes in: Allow OAuth Access Tokens.

I tried it in PHP script with Integration user as well as bearer token and not working in both scenario. The main thing is that live and local environment looks fine with same code file and DB setup.

So my concern is that, Is any configuration on server can impact on this?

PHP script:

<?php

function sign($method, $url, $data, $consumerSecret, $tokenSecret)
{
$url = urlEncodeAsZend($url);
$data = urlEncodeAsZend(http_build_query($data, ”, ‘&’));
$data = implode(‘&’, [$method, $url, $data]);
$secret = implode(‘&’, [$consumerSecret, $tokenSecret]);
return base64_encode(hash_hmac(‘sha256’, $data, $secret, true));
}
function urlEncodeAsZend($value)
{
$encoded = rawurlencode($value);
$encoded = str_replace(‘%7E’, ‘~’, $encoded);
return $encoded;
}
// REPLACE WITH YOUR ACTUAL DATA OBTAINED WHILE CREATING NEW INTEGRATION

$consumerKey = ‘XXXXXXXXXXXXXXXXXXXXXXXXXXX’;
$consumerSecret = ‘XXXXXXXXXXXXXXXXXXXXXXXXXXX’;
$accessToken = ‘XXXXXXXXXXXXXXXXXXXXXXXXXXX’;
$accessTokenSecret = ‘XXXXXXXXXXXXXXXXXXXXXXXXXXX’;
$method = ‘GET’;
$url = ‘http://xxxx.staging.com/rest/V1/orders/38024’;

$data = [
‘oauth_consumer_key’ => $consumerKey,
‘oauth_nonce’ => md5(uniqid(rand(), true)),
‘oauth_signature_method’ => ‘HMAC-SHA256’,
‘oauth_timestamp’ => time(),
‘oauth_token’ => $accessToken,
‘oauth_version’ => ‘1.0’,
];
$data[‘oauth_signature’] = sign($method, $url, $data, $consumerSecret, $accessTokenSecret);
//print_r($data);
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $url,
CURLOPT_HTTPHEADER => [
‘Authorization: OAuth ‘ . http_build_query($data, ”, ‘,’)
]
]);
$result = curl_exec($curl);
$orderData = json_decode($result,true);
curl_close($curl);
echo ‘

';
print_r($result);
echo '

‘;

?>
POSTMAN:
enter image description here

You may also like