"I must not fear. Fear is the mind-killer..." --Bene Gesserit Litany Against Fear

Integrations stopped working after Magento 2.4.4 upgrade

Wednesday, September 7th, 2022

Your Magento upgrade to 2.4.4 went well! Everything is working. You can place orders and login to the admin. Great, until you get an e-mail that your integrations aren't working.

{"message":"The consumer isn't authorized to access %resources.","parameters":{"resources":"Magento_Sales::actions_view"}}

Uh oh.

According to the documentation for Magento 2.4.4:

Integration tokens can no longer be used for API Bearer token authentication. Previously, an integration token could be used as a standalone key for token-based authentication. However, this behavior has been disabled by default due to the security implications of a never-expiring access token. The previous behavior can be enabled through the command line or Admin.

Magento's official answer is to grab an admin token that expires every 4 hours by default (the expiration time can be changed in the settings). To get this token, a curl request can be made to a specific Magento endpoint along with the OTP number from Google Authenticator. Then the token that gets returned can be used until it expires.

However, there is a workaround.

Magento added an option in Admin > Stores > Configuration > Services > Oauth.

Change Allow OAuth Access Tokens to be used as standalone Bearer tokens to "Yes" then flush cache.

You can also change this directly in mysql by going to the core_config_data table and setting:

path: enable_integration_as_bearer
value: 1

or at the CLI:

bin/magento config:set oauth/consumer/enable_integration_as_bearer 1

Now your Integration tokens can be used as API Bearer tokens again!

It's not as secure so only use this long enough to get all of your integrations using admin tokens. More information can be found here: https://developer.adobe.com/commerce/webapi/get-started/authentication/gs-authentication-token/

Views: 45