adyen-magento2: Customer's get payment methods endpoint shouldn't require Adyen_Payment::paymentMethods
Describe the bug
It is impossible to fetch available payment methods as a customer via REST API if the customer signed in via GQL.
To Reproduce
Steps to reproduce the behavior:
- Sign in via GQL
- Use received token in the request to the /V1/carts/mine/retrieve-adyen-payment-methods
- It tells the customer is not authorized to access this source.
Expected behavior
Resource should be anonymous or maybe(?) self. Here. The customer is able to use native endpoints like GET /V1/customers/me or GET /V1/carts/mine with GQL token so they should be able to use POST /V1/carts/mine/retrieve-adyen-payment-methods too.
Magento version 2.4.3
Plugin version 8.2.5
Additional context
I am conscious there is a GQL approach for Adyen M2 integration but I don't want to be one of their early adopters.
My temporary solution
I am sending cartId (as hash) and customerToken from the frontend to my middleware. There I compare if the customer is the owner of the cart; if so, I am fetching the unmasked cart ID and sending it to the endpoint, but I am using a newly generated integration token instead of the customer token. Is it fine in your opinion?
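The ownership check described in the workaround above, as an added example (not part of the original issue or the Adyen plugin): because the integration token is not scoped to one customer, the middleware itself has to decide whether the caller owns the cart before it swaps credentials. The function name, the `customerCart` shape and the 32-character masked ID format are assumptions.

```javascript
// Added example: authorization decision for a middleware that replaces a
// customer token with an integration token. Names and shapes are hypothetical.

// Assumption: masked cart IDs are 32-character alphanumeric strings.
const MASKED_ID = /^[A-Za-z0-9]{32}$/;

/**
 * @param {string} requestedMaskedId  cart hash sent by the frontend (untrusted)
 * @param {object|null} customerCart  cart the middleware looked up itself with
 *   the customer's token: { maskedId, id }, or null when the token was
 *   rejected or the customer has no cart
 * @returns {{allowed: boolean, status: number, reason?: string, cartId?: number}}
 */
function authorizeCartAccess(requestedMaskedId, customerCart) {
  if (typeof requestedMaskedId !== 'string' || !MASKED_ID.test(requestedMaskedId)) {
    return { allowed: false, status: 400, reason: 'malformed cart id' };
  }
  // Fail closed: no verified cart for this token means no privileged call.
  if (!customerCart) {
    return { allowed: false, status: 401, reason: 'no cart for this token' };
  }
  if (customerCart.maskedId !== requestedMaskedId) {
    return { allowed: false, status: 403, reason: 'cart not owned by customer' };
  }
  if (!Number.isInteger(customerCart.id) || customerCart.id <= 0) {
    return { allowed: false, status: 502, reason: 'unexpected cart lookup result' };
  }
  // The unmasked ID comes from the server-side lookup, never from the client,
  // and only this value is passed on to the integration-token request.
  return { allowed: true, status: 200, cartId: customerCart.id };
}

// Constructed sample data (not real cart IDs).
const ownCart = { maskedId: 'a'.repeat(32), id: 1042 };
console.log(authorizeCartAccess('a'.repeat(32), ownCart)); // owner: allowed
console.log(authorizeCartAccess('b'.repeat(32), ownCart)); // other cart: 403
console.log(authorizeCartAccess('a'.repeat(32), null));    // bad token: 401
```

The integration-token request should be issued only when `allowed` is true, using the returned `cartId` rather than any identifier taken from the request body.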
About this issue
- State: open
- Created 2 years ago
- Comments: 16 (13 by maintainers)
Hi guys,
Based on your feedback we will be reviewing the access rights of these endpoints. However, these changes may only be added on our next major release, which for now is scheduled for Q1 2023. They cannot be done on the current v8, since they would be breaking for any merchants that have followed our suggestion and implemented an OAuth integration.
Thanks, Jean Adyen
Updated proposal:
Requests that will be done while cart is active:
Requests that will be done while cart is inactive:
Terminal requests: