It means that to access the signup action, the user must have one of the roles
CommerceRoles.Customers, CommerceRoles.CommerceAdmins, Roles.Administrators
What roles does your account have?
Thank you for your reply Quan.
I am testing via Postman, and using client credentials grant type while sending scopes and not authorization code grant type.
Is it possible to work with client credentials grant type?
That signup is an endpoint for administrators.
You want to use the me endpoint. To get an anonymous token you need to add the anonymous_id scope shown here. Then to get a token see here.
If you want to get working with client credentials you will need to add a handler to onsignin to add the Administrators or Customers role to the claimsidentity.
Hello, I am trying to use OpenIDDict with the Commerce Content Delivery Api. I have set up an OpenIDConnectApplication as shown:
and my CommerceAPI:
I have configured postman to use client_credentials grant type and had my token ready.
I then went ahead and called the api:
api/episerver/v3.0/customers/signup
What I got is a 403 Forbidden error.
I went into the commerce api customer controller and looked up the endpoint:
I saw this policy they have on this endpoint episerver:com:customers. I am not sure what that policy is. It's causing a 403 error, yet I am not sure what to provide for it.
Could someone please shed light on this?
Any help is appreciated, and thanks in advance.