From 2c8df078a15999fd67ec41c379237af3cac61868 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 26 Apr 2026 13:59:52 +0000
Subject: [PATCH 1/2] Initial plan
From 46d38622a560b4841afbf2b034de0f399476d76d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 26 Apr 2026 14:14:41 +0000
Subject: [PATCH 2/2] Fix IsApiFrontAuthenticated to use AuthenticateAsync instead of endpoint metadata
Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/8cd5622c-507d-4e12-9bec-6ba9d652cf52
Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>
---
 .../Services/ApiAuthenticationService.cs | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/Business/Grand.Business.Authentication/Services/ApiAuthenticationService.cs b/src/Business/Grand.Business.Authentication/Services/ApiAuthenticationService.cs
index bf7e9bfe5..04cbfaabf 100644
--- a/src/Business/Grand.Business.Authentication/Services/ApiAuthenticationService.cs
+++ b/src/Business/Grand.Business.Authentication/Services/ApiAuthenticationService.cs
@@ -5,7 +5,6 @@
 using Grand.Infrastructure.Configuration;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Net.Http.Headers;
@@ -35,7 +34,7 @@ public virtual async Task GetAuthenticatedCustomer()
 if (string.IsNullOrEmpty(authHeader)) return null;
- if (IsApiFrontAuthenticated())
+ if (await IsApiFrontAuthenticated())
 {
 customer = await ApiCustomer();
 return customer;
@@ -56,13 +55,10 @@ public virtual async Task GetAuthenticatedCustomer()
 return customer;
 }
- private bool IsApiFrontAuthenticated()
+ private async Task IsApiFrontAuthenticated()
 {
- var endpoint = _httpContextAccessor.HttpContext.GetEndpoint();
- if (endpoint == null) return false;
-
- var authorizeAttributes = endpoint.Metadata.GetOrderedMetadata();
- return authorizeAttributes.Any(attr => attr.AuthenticationSchemes?.Contains(FrontendAPIConfig.AuthenticationScheme) == true);
+ var authResult = await _httpContextAccessor.HttpContext.AuthenticateAsync(FrontendAPIConfig.AuthenticationScheme);
+ return authResult.Succeeded;
 }
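Review bot: `IsApiFrontAuthenticated` now validates the frontend API scheme on every request that carries an Authorization header, not only on endpoints that declared that scheme, so a token valid for `FrontendAPIConfig.AuthenticationScheme` resolves to the API customer wherever it is presented. Whether that matters depends on code outside this hunk: the rest of `GetAuthenticatedCustomer` and the authorization attributes on the other API's endpoints should be checked so that a frontend token is never accepted as an identity where a different scheme is required. `AuthenticateAsync` also throws when the named scheme is not registered, and the new body dereferences `HttpContext` without a null check, so if the scheme is registered only when the frontend API is enabled (not visible here) the call needs a guard, starting with `if (_httpContextAccessor.HttpContext is not { } ctx) return false;`. The discarded `authResult.Failure` is worth logging at a low level so that rejected or expired tokens stay visible to monitoring.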