Closed
Description
When you create a token for an admin user and have set the options (Admin Token Lifetime (hours)) to empty, you will get an access denied because the token immediately expires.
Preconditions
- Set the option Admin Token Lifetime (hours)) to empty.
Steps to reproduce
- Create admin token with /V1/integration/admin/token
- Do any other call with this token
Expected result
- get result back for given API call
Actual result
- Consumer is not authorized to access %resources
For keeping the empty feature that is wont expire, we need to add a check for the token TTL: https://github.com/magento/magento2/blob/2.2-develop/app/code/Magento/Webapi/Model/Authorization/TokenUserContext.php#L135
If I have some time I will create a pull request for this.