Sanity SSO broken after media plugin install: 401 Unauthorized ACL error

14 replies
Last updated: Jun 15, 2021
I have a Sanity installation set up with SSO which has worked great for the last 6 months. Today I installed the media plugin (https://www.sanity.io/plugins/sanity-plugin-media) and now things really don’t work anymore. Right after login I am greeted with an error prompt saying: “Error: Unauthorized - User must be a member of this project to perform this operation”. From the console output and network log, it looks like this error is due to an HTTP 401 response after a call to https://PROJECT_ID.api.sanity.io/v2021-06-07/projects/PROJECT_ID/datasets/DATASET_NAME/acl?tag=sanity.studio.acl.get. I am running the latest version of Sanity (ran sanity upgrade). Editing is completely broken and giving me an error message of: “undefined is not an object (evaluating ‘currentUser.roles.length’)”. Any suggestions on where to go from here?
AI Update

This looks like a bug that was already reported and fixed back in June 2021. Based on the discussion thread I found, here's what happened and how it was resolved:

The issue you're experiencing was caused by an incompatibility between Sanity's SSO implementation and how the Studio was handling user roles. When using SSO with third-party login tokens, the currentUser object has a role property (as a string, like "editor"), but the Studio code was expecting a roles property (as an array).

This caused the error "undefined is not an object (evaluating 'currentUser.roles.length')" in the PermissionCheckBanner component when trying to access currentUser.roles.length.

The good news: This was fixed by the Sanity team within about a day of being reported. There were actually two bugs:

  1. The roles vs role property mismatch (causing the "currentUser.roles.length" error)
  2. A 500 error on the /acl endpoint due to system groups having an unexpected shape

Both were patched and released.

What you should do:

  1. Update your Sanity packages - Run npm update or yarn upgrade to ensure you have the latest versions, particularly @sanity/desk-tool (or @sanity/structure in Studio v3+)

  2. Clear your node_modules and reinstall - Sometimes a clean install helps:

    rm -rf node_modules package-lock.json
    npm install

  3. Check your Studio version - If you're still on Studio v2, consider upgrading to Studio v3 (now v4 is available), as these older bugs are definitely resolved in newer versions. Run sanity upgrade to get the latest versions.

  4. Verify your SSO token generation - Make sure your SSO implementation is following the current third-party login documentation and that your tokens are being generated correctly.

If you're still experiencing this issue after updating, it might be a different problem with similar symptoms. The fact that it appeared right after installing the media plugin is likely coincidental - the plugin installation probably just triggered a Studio refresh that exposed an underlying version mismatch.

If problems persist after updating, I'd recommend reaching out to Sanity's community on Discord with your current Studio version and package.json dependencies so the team can help troubleshoot further.

Hey user F – this seems like more of an ACL / auth issue rather than something tied specifically to the plugin
That said (and just spitballing here):
- Does the issue still persist when you uninstall sanity-plugin-media?
- Are you seeing the issue locally or on a deployed studio?
- If you are seeing this locally, have you tried running sanity logout and then sanity login? (It could be the case you’re logged into another project’s Studio)
Yes, I agree, but just wanted to mention it in case it was related somehow. Seeing this locally, so I will try it in a test environment.
sanity login doesn’t really work with SSO, since there is no “SSO” option.
So, I did a little more digging. Initial finding is that the “desk tool” still crashes when I go to open/edit a document. The error output is from PermissionCheckBanner and it now says: “Cannot read property ‘length’ of undefined”. This is the line which fails:

    var plural = (currentUser === null || currentUser === void 0 ? void 0 : currentUser.roles.length) !== 1;

Adding a console log I see that currentUser does not have a roles property, but instead a role property with the value of editor as a string.
And the role property with a value of editor I assume is linked to this guide: https://www.sanity.io/docs/third-party-login#generating-sanity-tokens-ca87073af0ca So somewhere, an array must be added perhaps instead of a string? :)
This is on v 2.11.1 of the desk-tool by the way
Ahhh, this makes sense. Thanks for digging into it, will see if we can add a fix for this asap
I think this should be fixed now, could you give it a try?
Well, things have changed so it seems editing works, but I now get a 500 internal server error when Sanity Studio loads the previously mentioned /acl URL
🕵️‍♂️ I'm seeing a bug where system groups has an unexpected shape - one that doesn't have a members array. Pushing out a fix shortly
Fix should be out now 👍
Yes, looking and working great now. Thanks 🙂
Awesome, thanks so much for reporting 🙏
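
The mismatch diagnosed in the thread (a role string where the Studio expected a roles array), as an added example that is not Sanity's code or its actual fix: the quoted expression next to a hardened check that accepts both shapes and treats an unrecognized shape as "no roles". normalizeRoles, pluralHardened, didThrow and the sample user objects are hypothetical and constructed for illustration.

```javascript
// Added example, not Sanity Studio source. All user objects are constructed.

// The expression quoted in the thread. The null check covers currentUser only,
// so a user object without `roles` still throws on `.length`.
function pluralOriginal(currentUser) {
  return (currentUser === null || currentUser === void 0
    ? void 0
    : currentUser.roles.length) !== 1;
}

// Hypothetical helper: accept either shape, always return an array of role names.
function normalizeRoles(currentUser) {
  if (!currentUser || typeof currentUser !== 'object') return [];
  if (Array.isArray(currentUser.roles)) {
    return currentUser.roles
      .map((r) => (typeof r === 'string' ? r : r && r.name))
      .filter((name) => typeof name === 'string' && name.length > 0);
  }
  if (typeof currentUser.role === 'string' && currentUser.role.length > 0) {
    return [currentUser.role]; // shape reported for the SSO token user
  }
  return []; // unknown shape: no roles, so permission checks fail closed
}

// Same question as the original line, answered without assuming a shape.
function pluralHardened(currentUser) {
  return normalizeRoles(currentUser).length !== 1;
}

// Reports whether calling fn raises a TypeError (the crash seen in the Studio).
function didThrow(fn) {
  try { fn(); return false; } catch (e) { return e instanceof TypeError; }
}

// Constructed samples: the SSO user carries `role`, the other carries `roles`.
const ssoUser = { id: 'e-constructed', name: 'SSO Editor', role: 'editor' };
const studioUser = {
  id: 'p-constructed',
  roles: [{ name: 'administrator', title: 'Administrator' },
          { name: 'editor', title: 'Editor' }],
};

console.log('original throws for SSO user:', didThrow(() => pluralOriginal(ssoUser)));
console.log('hardened, SSO user plural?  ', pluralHardened(ssoUser));
console.log('hardened, Studio user roles:', normalizeRoles(studioUser));
```
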