custom auth strategy 403 error

[dani-hdr]

Hi
I Wanted to use custom auth strategy . but i get 403 forbidden error when i want to login on the client
this my code :
strategies: [
{
name: 'otp',
authenticate: async ({ payload, headers }) => {

      const usersQuery = await payload.find({
        collection: 'customers',
        overrideAccess:true,
        where: {
          phone: {
            equals: headers.get('phone'),
          },
         
        },
      })
    
     
      const user = usersQuery.docs[0] || null
      if (!user) return { user: null }
    
      return {
       
        user: {
          ...user,
          _strategy: `customers-otp`,
          collection: 'customers',
        },
      }
     
    },
  },
],

and this is my fetch request
const res = await fetch(${process.env.NEXT_PUBLIC_SERVER_URL}/api/customers/login, {
method: 'POST',
credentials:'include',
headers: {
'Content-Type': 'application/json',

  },
  body: JSON.stringify({
    phone,
  
  }),
})