[BUG] Reset Password is not working
Summary
When using “Reset Password” the app returns the error “Your access-token is invalid and could not be used to identify the API client.”. This happens regardless of whether the email is known to the system or not.
Steps To Reproduce
- open https://pwa-kit.mobify-storefront.com/en-GB/login
- click “Forgot Password!”
- enter valid email
- click “Reset Password”
- see the error “Your access-token is invalid and could not be used to identify the API client.”
Expected result
- no error message
Actual result
- error message “Your access-token is invalid and could not be used to identify the API client.”
System Information (as applicable)
- Browser: Chrome Version 97.0.4692.99
- Node version:
- pwa-kit version: 1.3
- Desktop OS:
- Mobile Device Info:
Happens on the official test system, on our test system and locally.
Additional information
I tried to trace this down myself but was not successful.
It seems that the underlying call
https://{{short_code}}.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/{{organization_id}}/customers/password/actions/create-reset-token?siteId={{site_id}}
is executed with the SLAS token and this does not work. I can reproduce the same error in Postman.
The documentation actually says to use the AM based token (https://account.demandware.com/dwsso/oauth2/access_token). But this also did not work for me and returns “Your access-token is valid, but you have no permissions to access the resource.”.
The related OCAPI permission is set but there is no related AuthZ Scope that could be set.
Issue Analytics
- Created 2 years ago
- Comments:5 (1 by maintainers)
Top GitHub Comments
To offer an alternative, you can also bridge the current API gap using OCAPI hooks.
https://github.com/SalesforceCommerceCloud/ocapi_hooks_collection shows how to do this.
- dw.ocapi.shop.customers.password_reset.afterPOST to send a password reset email.
- dw.ocapi.shop.auth.beforePOST to accept the reset token and attempt to set the user's password.
You can review the tests for the basic flow:
https://github.com/SalesforceCommerceCloud/ocapi_hooks_collection/blob/main/test/integration/ocapi/04_passwordReset.js
I’m going to leave this issue open until we’ve resolved it in the default generated PWA.
Hello @stm-dschulz Thank you for the feedback. We will be looking into this in the first half of 2023.