When Bootstrapping the Commerce Engine during installation of XC 9.0.2, I got the following error:
Upon investigating the Commerce Engine log file, I found the exact error:
ERROR CommerceController.OnActionExecuting.Forbidden: User not allowed for action /commerceops/Bootstrap()
In order to understand this error, you need to understand how calls to the Commerce engine are authenticated and authorized.
Authentication & Authorization in Commerce Engine
Before making the call to Bootstrap, we need to get a bearer access token for our Sitecore user. This is the Sitecore user that we have specified in the Deploy-Sitecore-Commerce.ps1 installation script. The access token is obtained by making a request to the Sitecore Identity Server with the above mentioned Sitecore user credentials. Once we have the access token, we make the Bootstrap call to the Commerce Engine by adding an Authorization header containing the bearer access token that we got from the Identity Server. The token allows the Commerce Engine to determine whether you are allowed to make that specific request or not, i.e. whether you are authorized for that action. If you want to learn more about security in XC9, have a look at the ‘bearer token authentication’ section of the DevOps guide.
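The two-step flow described above (token from Identity Server, then Bootstrap with the Authorization header), written out as an added PowerShell example; this is not code from the original post or from the Sitecore installation scripts. The Identity Server and Commerce Engine URLs, the client_id, the scope and the PUT verb are assumptions based on a default XC 9 developer install and may differ in your environment. Decoding the token payload lets you see which claims the Commerce Engine will evaluate, which is the first thing to check when Bootstrap answers 403 rather than 401.

```powershell
# Added example, not part of the original post or the Sitecore install scripts.
# Assumed values: Identity Server / Commerce Engine URLs, client_id, scope, HTTP verb.
$identityServer = "https://localhost:5050"   # assumed Sitecore Identity Server URL
$commerceOps    = "https://localhost:5000"   # assumed Commerce Engine (ops) URL
$cred = Get-Credential -Message "Sitecore user named in Deploy-Sitecore-Commerce.ps1"

# Step 1: obtain a bearer token from Identity Server (IdentityServer4 token endpoint).
$tokenRequest = @{
    grant_type = "password"
    username   = $cred.UserName                      # e.g. sitecore\admin
    password   = $cred.GetNetworkCredential().Password
    client_id  = "postman-api"                       # assumed client registered in Identity Server
    scope      = "openid EngineAPI postman_api"      # assumed scope set
}
$tokenResponse = Invoke-RestMethod -Method Post -Uri "$identityServer/connect/token" `
    -Body $tokenRequest -ContentType "application/x-www-form-urlencoded"
$accessToken = $tokenResponse.access_token

# Decode the JWT payload (base64url) so the claims the engine will check are visible.
function Get-JwtPayload([string]$jwt) {
    $segment = $jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($segment.Length % 4) { 2 { $segment += '==' } 3 { $segment += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($segment)) | ConvertFrom-Json
}
Write-Host "Token claims:"
Get-JwtPayload $accessToken | Format-List

# Step 2: call Bootstrap with the Authorization header carrying the bearer token.
try {
    $result = Invoke-RestMethod -Method Put -Uri "$commerceOps/commerceops/Bootstrap()" `
        -Headers @{ Authorization = "Bearer $accessToken" } -ContentType "application/json"
    $result
}
catch {
    $status = $_.Exception.Response.StatusCode.value__
    switch ($status) {
        401 { Write-Warning "401 Unauthorized: token missing, invalid or expired (authentication failed)." }
        403 { Write-Warning "403 Forbidden: the user authenticated but lacks the required role (authorization failed). Check the user's roles in Sitecore User Manager." }
        default { throw }
    }
}
```

The distinction the catch block draws is the one that matters for this error: a 401 means the Identity Server step failed or the header was not sent, while a 403 means the token was accepted and the Commerce Engine rejected the user on role grounds, which is exactly the CommerceController.OnActionExecuting.Forbidden entry from the log.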
Don’t worry, you won’t need to do this manually, as the installation scripts take care of it. But in order to decipher this error, it is important to understand what is happening under the hood.
So basically, the 403 error is telling me that something is wrong with the Sitecore user’s authorization. I went into the Sitecore User Manager, and saw the user was an Administrator, but did not have any roles assigned. Gotcha!
Fix It Please
I assigned the Commerce Administrator role to the user and just like that, all was good.