因此,我尝试代表使用 Paypal Oauth2 登录的客户获取发票。
当我尝试使用带有有效令牌的curl时
curl -v -X GET https://api-m.paypal.com/v2/invoicing/invoices\?total_required\=true \
-H 'Authorization: Bearer <ACCESS_TOKEN>' \
-H 'Content-Type: application/json'
我的许可被拒绝
{"localizedMessage":"No permission for the requested operation. ","suppressed":[],"name":"PERMISSION_DENIED","message":"No permission for the requested operation. ","details":[{"field":null,"value":null,"location":null,"issue":"No permission for the requested operation. ","description":null}],"information_link":"https://developer.paypal.com/docs/classic/products/permissions/","debug_id":"3b3e0813dca9f"}%
这是有道理的,因为我没有包含令牌的响应对象的权限
{
"scope": "https://uri.paypal.com/services/checkout/one-click-with-merchant-issued-token https://uri.paypal.com/services/payments/realtimepayment https://uri.paypal.com/services/payments/payment/authcapture openid profile https://uri.paypal.com/services/payments/refund https://api.paypal.com/v1/vault/credit-card https://uri.paypal.com/services/reporting/search/read https://api.paypal.com/v1/vault/credit-card/.* https://uri.paypal.com/services/subscriptions https://uri.paypal.com/services/applications/webhooks https://uri.paypal.com/services/paypalattributes email",
"access_token": "MY_ACCESS_TOKEN",
"token_type": "Bearer",
"expires_in": 28800,
"refresh_token": "MY_REFRESH_TOKEN",
"nonce": "2023-09-08T19:49:05abcdefghijklmn",
"state": "some-state"
}
这让我想知道为什么在开始 Oauth 流程之前我已经尝试了发票范围的每种组合,它们是:
let SCOPES:string[] = [
...
"https://uri.paypal.com/services/invoicing/invoices/readwrite",
"https://uri.paypal.com/services/invoicing/invoices/read",
"https://uri.paypal.com/services/invoicing",
"https://uri.paypal.com/services/.*",
"https://uri.paypal.com/v2/invoicing/invoices",
"https://uri.paypal.com/v2/invoicing/invoices/.*",
...
]
我在这里缺少什么?我在哪里可以找到所有最新的可用范围,以及我在网上找到的所有内容
我发现了问题。问题有2倍。