react-paypal-js
[BUG]: Permission Denied Error when Accessing Order Details with facilitatorAccessToken
Is there an existing issue for this?
- [X] I have searched the existing issues.
🐞 Describe the Bug
Previously, I utilized the facilitatorAccessToken as a token to retrieve order details once it was captured. However, when attempting to make a GET request to /v2/checkout/orders/<order id>, the response received is "PERMISSION_DENIED".
😕 Current Behavior
The use of the facilitatorAccessToken for accessing order details results in a "PERMISSION_DENIED" response when making a GET request to /v2/checkout/orders/<order id>.
🤔 Expected Behavior
The facilitatorAccessToken should grant the necessary permissions to successfully retrieve order details via a GET request to /v2/checkout/orders/<order id>.
🔬 Minimal Reproduction
1. Capture an order.
2. Attempt to access order details using the `facilitatorAccessToken` with a GET request to /v2/checkout/orders/<order id>.
3. Observe the "PERMISSION_DENIED" response.
4. Confirm that using an oauth2 token allows successful access to the order details.
🌍 Environment
| Software | Version(s) |
| ---------------- | ---------- |
| react-paypal-js | ^7.8.2 |
| Browser | Edge, Chrome |
| Operating System | Windows, macOS |
Relevant log output
```json
{
  "additional_properties": "xxxxxx",
  "body": {
    "debug_id": "dd424ba13911e",
    "details": [
      {
        "description": "You do not have permission to access or perform operations on this resource.",
        "issue": "PERMISSION_DENIED"
      }
    ],
    "links": [
      {
        "href": "https://developer.paypal.com/docs/api/orders/v2/#error-PERMISSION_DENIED",
        "rel": "information_link"
      }
    ],
    "message": "Authorization failed due to insufficient permissions.",
    "name": "NOT_AUTHORIZED"
  },
  "duration_time": "xxxxxx",
  "header": {
    "APPLICATION_ID": "APP-5F685449DT731915P",
    "Access-Control-Expose-Headers": "xxxxxx",
    "BORDER-IP": "xxxxxx",
    "CALLER_ACCT_NUM": "BZ9EENDPVUNSW",
    "Date": "Tue, 09 Jan 2024 02:43:06 GMT",
    "Keep-Alive": "xxxxxx",
    "PROCESSING-IP": "xxxxxx",
    "SERVER_INFO": "xxxxxx",
    "Server-Timing": "xxxxxx",
    "paypal-debug-id": "dd424ba13911e"
  },
  "status": 403
}
```
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
➕ Anything else?
No response
Do you mind sharing more details about how you are obtaining the facilitatorAccessToken and how you are making the request to /orders/v2?
It looks like your integration might be creating and capturing the order using the client-side helpers actions.order.create and actions.order.capture but then requesting /v2/orders without the client-side helpers.
One way to solve the 403 issue is to migrate to a server-side integration:
- generate a full scope access token (example)
- create the order (client example) (server example)
- you will then be able to request `/v2/orders` endpoints with the access token obtained in step 1 with an `Authorization: Bearer <token here>` header.
Let us know if this is not the case and we can take another look, thank you @jecsham!
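The server-side flow suggested in the reply above, as an added example that is not part of the original thread and not PayPal's or the project's own code: the server obtains a client-credentials token, looks the order up itself, and checks status and amount before trusting what the browser reported. The sandbox base URL, environment variable names, function names, the order ID pattern and the choice to check only the first purchase unit are assumptions made for illustration.

```javascript
// Added example: server-side order lookup with a client-credentials token (Node 18+).
// PAYPAL_API, env var names and function names are assumptions for illustration.
const PAYPAL_API = "https://api-m.sandbox.paypal.com"; // sandbox base URL

// Step 1: request for a full-scope access token. The client secret stays on the server.
function buildTokenRequest(clientId, clientSecret) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    url: `${PAYPAL_API}/v1/oauth2/token`,
    options: {
      method: "POST",
      headers: { Authorization: `Basic ${basic}`, "Content-Type": "application/x-www-form-urlencoded" },
      body: "grant_type=client_credentials",
    },
  };
}

// Step 3: GET /v2/checkout/orders/<order id> with the bearer token.
// The order ID comes from the browser, so it is validated before it reaches the URL path.
// The pattern is an assumed, conservative shape for an order ID.
function buildOrderRequest(orderId, accessToken) {
  if (typeof orderId !== "string" || !/^[A-Za-z0-9]{1,36}$/.test(orderId)) {
    throw new Error("invalid order id");
  }
  return {
    url: `${PAYPAL_API}/v2/checkout/orders/${orderId}`,
    options: { method: "GET", headers: { Authorization: `Bearer ${accessToken}` } },
  };
}

// Decide fulfilment from PayPal's response, not from what the client reported.
function orderMatches(order, expected) {
  const amount = order?.purchase_units?.[0]?.amount;
  return Boolean(amount) && order.status === "COMPLETED" &&
    amount.currency_code === expected.currency && amount.value === expected.value;
}

async function fetchVerifiedOrder(orderId, expected, fetchImpl = fetch) {
  const tokenReq = buildTokenRequest(process.env.PAYPAL_CLIENT_ID, process.env.PAYPAL_CLIENT_SECRET);
  const tokenRes = await fetchImpl(tokenReq.url, tokenReq.options);
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { access_token } = await tokenRes.json();
  const orderReq = buildOrderRequest(orderId, access_token);
  const orderRes = await fetchImpl(orderReq.url, orderReq.options);
  if (!orderRes.ok) throw new Error(`order lookup failed: ${orderRes.status}`); // e.g. 403
  const order = await orderRes.json();
  if (!orderMatches(order, expected)) throw new Error("order does not match expected payment");
  return order;
}
```

Call `fetchVerifiedOrder` from the endpoint your `onApprove` handler posts the order ID to, passing the amount your own backend expects for that cart.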
Yes, I've been utilizing the client-side helper, particularly the onApprove function.
The facilitatorAccessToken provided access to the order details for that specific order. Now that it doesn't work, I've implemented a similar approach as you recommended. However, I'm curious about the current purpose of the facilitatorAccessToken. Could you please clarify? 🤔
This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. If you have any new additional information, please include it with your comment!
Closing this issue after a prolonged period of inactivity. If this issue is still present in the latest release, please create a new issue with up-to-date information. Thank you!