okta / okta-sdk-java Goto Github PK

The status property of ResourceException does not have any documentation saying what it is. I assume this is the HTTP status code, but I prefer not to assume anything about undocumented APIs.

Meanwhile, until this documentation is added, can I get confirmation that this is indeed the HTTP status code?

@bdemers In the new version of the sdk the pagination is mentioned to be automatic.Please let me know if pagination can still be used like the previous okta sdk.

The previous version of okta sdk allowed client executing the sdk a greater flexibility to restart a batch execution from the failure point in case of network failures.

I noticed that releases are provided through GitHub but they all have the same 0.0.4-SNAPSHOT version number in the pom.xml.

Would it be possible to set a release number in the pom and update it whenever there is an official release?

Thanks,

Sam

When using the basic SDK config:

<dependency>
	<groupId>com.okta.sdk</groupId>
	<artifactId>okta-sdk-api</artifactId>
	<version>0.10.0</version>
</dependency>
<dependency>
	<groupId>com.okta.sdk</groupId>
	<artifactId>okta-sdk-impl</artifactId>
	<version>0.10.0</version>
</dependency>
<dependency>
	<groupId>com.okta.sdk</groupId>
	<artifactId>okta-sdk-httpclient</artifactId>
	<version>0.10.0</version>
	<scope>runtime</scope>
</dependency>

you get a SLF4J warning:

SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

A simple workaround (as suggested by the documentation) is to add the slf4j-nop.jar to your classpath. Once I added

<dependency>
	<groupId>org.slf4j</groupId>
	<artifactId>slf4j-nop</artifactId>
	<version>1.7.25</version>
</dependency>

to my pom.xml, I didn't see the warning message anymore.

My suggestion: Update the logging configuration, or add the above dependency to the project so this warning does not show by default.

The README shows the following code snippet for creating a new user:

return UserBuilder.INSTANCE
.setEmail(email)
.setLogin(userName)
......

However, the UserBuilder.INSTANCE is simply a single global instance:
UserBuilder INSTANCE = Classes.newInstance("com.okta.sdk.impl.resource.DefaultUserBuilder");

This can lead to all sorts of unexpected behavior. For example, if multiple threads want to create users in parallel, they would overwrite one another if they all use UserBuilder.INSTANCE at the same time.

Another problem: suppose we first use UserBuilder.INSTANCE to create an account with name=Joe. Then, we want to create a new account for a different user, but this time, the name is not specified. If we simply call UserBuilder.INSTANCE and omit calling setName, the previous value of Joe will still stick around for the second account.

It would be much preferable if I could construct a new instance of UserBuilder for each time I want to create a user, but I don't see any way to create a new instance currently.

Seeing the following when calling client.getUser("string value").

It doesn't appear that this is something I can control.

I'm assuming the client is thread safe, is it not maybe?

java.lang.IllegalArgumentException: It is expected that only ArrayProperty or SetProperty properties represent collection items.
at com.okta.sdk.lang.Assert.isTrue(Assert.java:33)
at com.okta.sdk.impl.ds.cache.WriteCacheFilter.cache(WriteCacheFilter.java:154)
at com.okta.sdk.impl.ds.cache.WriteCacheFilter.filter(WriteCacheFilter.java:73)
at com.okta.sdk.impl.ds.DefaultFilterChain.filter(DefaultFilterChain.java:52)
at com.okta.sdk.impl.ds.cache.ReadCacheFilter.filter(ReadCacheFilter.java:53)
at com.okta.sdk.impl.ds.DefaultFilterChain.filter(DefaultFilterChain.java:52)
at com.okta.sdk.impl.ds.DefaultDataStore.getResourceData(DefaultDataStore.java:309)
at com.okta.sdk.impl.ds.DefaultDataStore.getResource(DefaultDataStore.java:225)
at com.okta.sdk.impl.ds.DefaultDataStore.getResource(DefaultDataStore.java:213)
at com.okta.sdk.impl.client.DefaultClient.getUser(DefaultClient.java:236)

Hi. I'm migrating over from Stormpath, and am looking for the Okta equivalent of the following AuthenticateUser API.

As far as I can tell, the closest equivalent is the primary-authentication-with-public-application API.

Can you please clarify if I'm on the right track, and if the above functionality will be supported in the SDK during the next month?

We use the Events API in production to:

1. Allow customers to see logs specific to their IdP for SSO self-troubleshooting (used with a target ID obtained from the Identity Providers API)

The FactorsApiClient is gone. How do I enrol factors with the new version?

Building with maven throw an error, this dependency can't be resolved:

        <dependency>
            <groupId>com.okta.libraries.framework</groupId>
            <artifactId>aperture-reporter</artifactId>
            <version>${aperture-reporter.version}</version>
        </dependency>

Calling the authenticate API (AuthApiClient.authenticate(String,String,String)), occasionally org.apache.http.NoHttpResponseException is thrown.

It seems one possible cause is that the persistent HTTP connections are timing out on the server side but Apache HttpClient is attempting to reuse them. Although there may be several ways to fix that, if it is in fact the underlying cause, we have not been able to consistently reproduce the issue, so we cannot evaluate the effectiveness of any attempted fix.

Does anyone know a consistent way to reproduce this issue?

As a temporary workaround, we retry the call up to 3 times when a NoHttpResponseException occurs and this seems to have suppressed the problem well enough for now that it does not affect our users at least.

Looks like someone may be trying to fix it here: #23
I am interested in understanding the root cause and a way to reproduce it so we can see if any proposed fixes are working.

We often times see stuff like the snippet below in our logs. Would it be possible if the Okta servers don't respond with JSON that the operation be retried? I believe this is occurring when something really bad happens on the server side and it returns an html error message.

``
com.fasterxml.jackson.core.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
at [Source: org.apache.http.conn.EofSensorInputStream@22504d29; line: 1, column: 2]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1702)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:558)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:456)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._handleUnexpectedValue(UTF8StreamJsonParser.java:2689)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._nextTokenNotInObject(UTF8StreamJsonParser.java:878)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser.nextToken(UTF8StreamJsonParser.java:772)
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3834)
at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:3756)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2123)
at com.fasterxml.jackson.core.JsonParser.readValueAs(JsonParser.java:1650)
at com.okta.sdk.framework.JsonApiClient.unmarshall(JsonApiClient.java:69)
at com.okta.sdk.framework.ApiClient.extractError(ApiClient.java:322)
at com.okta.sdk.framework.ApiClient.checkResponse(ApiClient.java:313)
at com.okta.sdk.framework.ApiClient.unmarshallResponse(ApiClient.java:286)
at com.okta.sdk.framework.ApiClient.get(ApiClient.java:156)
at com.okta.sdk.clients.UserApiClient.getUser(UserApiClient.java:146)

The site docs.okta.com is referenced in AbstractClient.java, AuthenticationScheme.java, ClientBuilder.java, and ResourceException.java.

These should either be updated to point to the correct link, or removed.

Do you have any example showing how to assign applications to a user?

The forgetPassword method in AuthApiClient does not send recovery emails, like it should.
Because of this, we cannot get the recovery token necessary for the user to perform the rest of the password reset.

The root cause is that the method is not setting the factorType, like the API call does:
"factorType": "EMAIL"

Is there a plan to add User Authentication support (via: username and password, and multi-factor validation) in the client?
https://developer.okta.com/docs/api/resources/authn.html#authentication-operations

The Javascript SDK supports this already:
https://developer.okta.com/code/javascript/okta_auth_sdk

It seems like it would be as simple as adding another method or two (e.g. authenticateUser, validateFactor) to the Client class.
https://developer.okta.com/okta-sdk-java/apidocs/com/okta/sdk/client/Client.html

We're really happy to see an active branch with the ability to create a user within a group. Is there an expected release date of an updated SDK with this functionality?

Thanks,

Sam

When adding the Advanced Search methods to the UserApiClient, the methods documented are wrong
it mentions client.getUsersWithSearch, when what was written is client.getUsersWithAdvancedSearch

I also feel this feature is significant enough that the pom.xml should be reved to reflect the difference on compile.

There appears to be no way to create a user in a specific group, i.e use: https://developer.okta.com/docs/api/resources/users.html#create-user-in-group

This makes it impossible use an api token that only has permissions to administer users in a specific group, since you must first provision a user with no group, which it is not allowed to do.

This is probably a combo of an IT and some UTs from any related changes needed.

This caching logic was lifted from stormpath/stormpath-sdk-java and depends on object HREF properties which Okta objects do NOT have. Also, cacheable objects via the REST API all have caching headers set, so we need UTs to validate those work correctly (and set the appropriate TTL)

Some of the lifted code from stormpath/stormpath-sdk-java encrypted the client secret, and only decrypted when it was accessed during a request. We need to evaluate this to see if that is still a valid strategy.

I think it would be, but I think it entails additional work as the client token is potentially available from multiple locations (ENV vars, Sys props, ClientConfiguration instance, etc). Encrypting the secret in one place doesn't seem like enough. We could null out value when the secrets are passed into the ClientCredentialResolver. (even for ENV vars, but that would require some dirty reflection)

Okta SDK should make the Authorization header more flexible if user provide then allow them user their or use the default(what Okta needs) so user don’t provide our own. The reason behind that is some users environment has additional API gateway they need to authentication against, in this case, the auth header looks like below:

Accept: application/json
Content-Type: application/json
OKTAAuthorization: SSWS {{apikey}}
Authorization: Basic {{SuperPowerBasicAuthKey}}

I have reported this enhancement to our engineer team internal

As discussed many places (here's a great StackOverflow question about it: http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords/8889285#8889285), password fields in Java should not be stored in String, as they are immutable.

The Password object should also have a clear method to destroy the string or the object after use, or should be built into the SDK to be destroyed as soon as possible.

I may also suggest to call the object something like PlaintextPassword, so developers feel sufficiently paranoid about using it. 😃

The README gives example code snippets, but there is no link to an online copy of the JavaDocs.

This site: https://developer.okta.com/code/java/

Has a link to JavaDocs but it is the old "okta-sdk" project that does not exist any more. The link directly below it "Get it on Github" links to the new current project, which a different set of classes from "okta-sdk".

Many or all of the methods on Client throw exceptions under various circumstances, but this fact is not documented at all. There needs to be documentation for all exceptions thrown so that consumers of this API can know what to handle under which circumstances and know what to do to have a stable application.

getUser
@Generated(value="com.okta.swagger.codegen.OktaJavaClientApiCodegen",
           date="2017-09-05T20:10:20.883-04:00",
           comments="GET - /api/v1/users/{userId}")
User getUser(String userId)
Parameters:
userId - (required)
Returns:
User

The ForgotPasswordResponse object returned by forgotPassword() and forgotPassword(sendEmail, userCredentials) method of the user class never has the resetPasswordUrl property initialized.

This appears to be because the backend api only return that field if sendEmail is false, but no user credentials are included in the request (as described here). This is a call that is presently impossible to make from this sdk. @bdemers Would it be possible to get a forgotPassword(sendEmail) method, or be able to include null credentials?

example:
okta-sdk-java/0.9.0-SNAPSHOT okta-sdk-java/0.9.0-SNAPSHOT jetty/9.2.22.v20170606 java/1.8.0_121 Mac OS X/10.13.1

Hello,

When i try to connect to OKTA, i get this error :

[main] INFO com.okta.sdk.framework.ApiClient - POST https://subdomain.okta.com/api/v1/users?activate=true
May 3, 2016 4:40:04 PM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (java.net.NoRouteToHostException) caught when processing request to {s}->https://subdomain.okta.com:443: No route to host
May 3, 2016 4:40:04 PM org.apache.http.impl.execchain.RetryExec execute
INFO: Retrying request to {s}->https://subdomain.okta.com:443

indeed, i try to communicate whith OKTA behind a proxy server

i used JVM properties to set my proxy adresses

            System.setProperty("http.proxyHost", "ipadress");
            System.setProperty("http.proxyPort", "8080");
            System.setProperty("https.proxyHost", "ipadress");
            System.setProperty("https.proxyPort", "8080");

Apparently these lines of code are not working !

is there any way to set proxy properties using the java API ?

NB : Downloading the file from the same subdomain https://subdomain.okta.com using Java is working with this code :

    public static void download(String address, String localFileName) {
        OutputStream out = null;
        URLConnection conn = null;
        InputStream in = null;

    System.setProperty("http.proxyHost", "ipadress");
    System.setProperty("http.proxyPort", "8080");
    System.setProperty("https.proxyHost", "ipadress");
    System.setProperty("https.proxyPort", "8080");

        try {
            URL url = new URL(address);
            out = new BufferedOutputStream(new FileOutputStream(localFileName));
            conn = url.openConnection();
            in = conn.getInputStream();
            byte[] buffer = new byte[1024];

            int numRead;
            long numWritten = 0;

            while ((numRead = in.read(buffer)) != -1) {
                out.write(buffer, 0, numRead);
                numWritten += numRead;
            }

            System.out.println(localFileName + "\t" + numWritten);
        } 
        catch (Exception exception) { 
            exception.printStackTrace();
        } 
        finally {
            try {
                if (in != null) {
                    in.close();
                }
                if (out != null) {
                    out.close();
                }
            } 
            catch (IOException ioe) {
            }
        }
    }

You will find below the code returning "No route to host" error:

package okta;

import java.io.IOException;

import com.okta.sdk.clients.UserApiClient;
import com.okta.sdk.framework.ApiClientConfiguration;
import com.okta.sdk.models.users.User;

public class Main {

        public static void main(String[] args) {
        System.out.println( "Hello World!" );

        System.out.println( "Setting proxy..." );
        System.setProperty("http.proxyHost", "ipadress");
        System.setProperty("http.proxyPort", "8080");
        System.setProperty("https.proxyHost", "ipadress");
        System.setProperty("https.proxyPort", "8080");

        System.out.println( "Setting config Okta..." );
        ApiClientConfiguration oktaSettings = new ApiClientConfiguration(
                "https://subdomain.okta.com",
                "test");

        UserApiClient userApiClient = new UserApiClient(oktaSettings);

     try {
            System.out.println( "Calling Okta..." );
            User newUser = userApiClient.createUser(
                             "First",
                             "Last",
                             "[email protected]",
                             "[email protected]",
                             true);
            System.out.println( "End calling" );
        } catch (IOException e) {
            System.out.println( "KO" );
            e.printStackTrace();
        }

        System.out.println( "End" );
    }

}

Thank you in advance.

Lots of methods that result in API calls will throw a ResourceException if they fail. There is no indication from the API which methods may throw this exception.

Also ResourceException refers to http://docs.okta.com/errors/ for its error codes that does not exist.

In the following code, JsonApiClient.java:

  @Override
    protected  <T> T unmarshall(HttpResponse response, TypeReference<T> clazz) throws IOException {
        if (response.getEntity() == null || clazz.getType().equals(Void.class)) {
            EntityUtils.consume(response.getEntity());
            return null;
        }
        InputStream inputStream = response.getEntity().getContent();
        JsonParser parser = objectMapper.getFactory().createParser(inputStream);
        T toReturn = parser.readValueAs(clazz);
        EntityUtils.consume(response.getEntity());
        return toReturn;
    }

The response is not properly consumed if "parser.readValueAs(clazz)" throws an exception.

The EntityUtils.consume call should be placed in a finally block.

Hi,

I need to create some users and I need to populate profile attributes other than the standard (firstname,lastname,email,login). Is it possible to do this withe API?

For example I need to populate the employeeNumber attribute.

thanks,
Freeman

Hello,

It will be easier to check for Auth status result if the either the status is enum or static
In other words, convert AuthResult.Status to enum or have the fields of AuthResult.Status be final static

So we can write 'AuthResult.Status.SUCCESS' instead of 'new AuthResult.Status().SUCCESS'

can you publish an artifact on maven central ?

The Auth Api is missing the Cancel Transaction Call:
i.e.

public AuthResult cancelTransaction(String stateToken, String relayState) throws IOException {
    Map<String, Object> params = new HashMap<String, Object>();
    params.put(STATE_TOKEN, stateToken);
    params.put(RELAY_STATE, relayState);
    return post(getEncodedPath("/cancel"), params, new TypeReference<AuthResult>() { });
}

Getting an ArrayIndexOutOfBoundsException when building okta-sdk-impl-0.7.0.pom

Downloading: https://repo.maven.apache.org/maven2/com/okta/sdk/okta-sdk-impl/0.7.0/okta-sdk-impl-0.7.0.pom
Downloaded: https://repo.maven.apache.org/maven2/com/okta/sdk/okta-sdk-impl/0.7.0/okta-sdk-impl-0.7.0.pom (5.4 kB at 451 kB/s)
[DEBUG] Writing tracking file /Users/jonathanp/.m2/repository/com/okta/sdk/okta-sdk-impl/0.7.0/_remote.repositories
[DEBUG] Writing tracking file /Users/jonathanp/.m2/repository/com/okta/sdk/okta-sdk-impl/0.7.0/okta-sdk-impl-0.7.0.pom.lastUpdated
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.670 s
[INFO] Finished at: 2017-10-26T17:18:36-07:00
[INFO] Final Memory: 16M/302M
[INFO] ------------------------------------------------------------------------
[ERROR] 17969
java.lang.ArrayIndexOutOfBoundsException: 17969
at org.codehaus.plexus.util.xml.pull.MXParser.parsePI(MXParser.java:2502)
at org.codehaus.plexus.util.xml.pull.MXParser.parseEpilog(MXParser.java:1604)
at org.codehaus.plexus.util.xml.pull.MXParser.nextImpl(MXParser.java:1434)
at org.codehaus.plexus.util.xml.pull.MXParser.next(MXParser.java:1131)
at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read(MavenXpp3Reader.java:3856)
at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read(MavenXpp3Reader.java:595)
at org.apache.maven.model.io.DefaultModelReader.read(DefaultModelReader.java:109)
at org.apache.maven.model.io.DefaultModelReader.read(DefaultModelReader.java:82)
at org.apache.maven.model.building.DefaultModelProcessor.read(DefaultModelProcessor.java:81)
at org.apache.maven.model.building.DefaultModelBuilder.readModel(DefaultModelBuilder.java:535)
at org.apache.maven.model.building.DefaultModelBuilder.build(DefaultModelBuilder.java:275)
at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:321)
at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.readArtifactDescriptor(DefaultArtifactDescriptorReader.java:199)
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.resolveCachedArtifactDescriptor(DefaultDependencyCollector.java:544)
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.getArtifactDescriptorResult(DefaultDependencyCollector.java:528)
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(DefaultDependencyCollector.java:418)
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(DefaultDependencyCollector.java:372)
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.process(DefaultDependencyCollector.java:360)
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.doRecurse(DefaultDependencyCollector.java:513)
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(DefaultDependencyCollector.java:467)
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(DefaultDependencyCollector.java:372)
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.process(DefaultDependencyCollector.java:360)
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.collectDependencies(DefaultDependencyCollector.java:263)
at org.eclipse.aether.internal.impl.DefaultRepositorySystem.collectDependencies(DefaultRepositorySystem.java:325)
at org.apache.maven.project.DefaultProjectDependenciesResolver.resolve(DefaultProjectDependenciesResolver.java:169)
at org.apache.maven.lifecycle.internal.LifecycleDependencyResolver.getDependencies(LifecycleDependencyResolver.java:195)
at org.apache.maven.lifecycle.internal.LifecycleDependencyResolver.resolveProjectDependencies(LifecycleDependencyResolver.java:127)
at org.apache.maven.lifecycle.internal.MojoExecutor.ensureDependenciesAreResolved(MojoExecutor.java:246)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:200)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:154)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:146)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:309)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:194)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:107)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:993)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:345)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:191)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)

Is there any way to have case insensitive? thanks

Can you please dd the support to it?

Currently we just have user.profile.get("...") which returns an Object
We could add util methods for the supported Okta types

Is it possible to add an existing user to an existing application? I can get the user and application from the SDK, but I don't see a way to link them.

Changing okta-aws-cli.iml to have LANGUAGE_LEVEL="JDK_1_8" and compiler.xml as follows will allow it to build and run against aws-java-sdk-1.11.128.jar. I've not tested it thoroughly, yet.

    <bytecodeTargetLevel>
      <module name="okta-aws-cli" source="1.8" />
      <module name="okta-aws-cli" target="1.8" />
    </bytecodeTargetLevel>

To reproduce:

1. Create a user and add some custom profile attribute, in my case the attribute is a string named "uuid"
2. POST to /api/v1/users/:id following the example given here https://developer.okta.com/docs/api/resources/users.html#update-user
3. See that the custom profile attribute has been cleared out/set to null

I created an issue in the stormpath-sdk-java repository thinking that the implementation of that SDK had a bug, but after circumventing that SDK entirely to make Okta API calls, I am still getting this behavior.

Our user profiles include a uuid that is important for our current authorization system. Currently all attempts to reset a password clears out all custom properties from our user profiles. POST vs PUT does not make a difference, the uuid is always cleared out of the profile.

This is how I'm performing the update: okta_user_update.txt

There are a couple of TODOs in the spec tests after the latest updates to the source 'har' files that need to be resolved.

I am iterating through a list of Factors for a user and attempting to use .getFactorType() but am always getting the following error:

Here are more screenshots to show this Factor should not be throwing the error.

There seems to be an error in the SDK :)
Thank you so much!

Nathan

Hello,

We were having some issues creating SMS factors because there doesn't seem to be a builder or direct way to instantiate the SMSFactor object. We found the Client.instantiate method and that seems to work, but this is not mentioned anywhere in documentation or examples, so just wanted to confirm that this is the correct way to do this for SMSFactor and I am guessing other objects as well.

Thank you

I would like to get the custom user profile attribute described here http://developer.okta.com/docs/api/resources/users.html#custom-profile-properties. Is there any way to get it using the API?

• Remove on remote har file repo
• Remove ITs usage of collection size (not stable, instead of initial size +1 just call a get on the expected resource)
• Group Rule ITs should not query the group membership, this is an async task, and is already covered by tests on for the backend

Can I use it to develop app with okta saml 2.0 sso? If not, please provide a right pointer where I can find examples and supported libraries.

We use the Identity Providers API in production to:

1. Allow customers to create and update their IdPs with necessary security restrictions from our application for SSO self-enrolment.
2. Allow customers to see logs specific to their IdP for SSO self-troubleshooting (used to get target ID for use with Events API)

The various status strings in AuthResult.Status cannot be referenced as they are non-static and cannot be referenced from a static context (e.g. directly as AuthResult.Status.SUCCESS). In order to be used, a new instance of AuthResult.Status would have to be instantiated.

I am migrating over from Stormpath and I was looking into the forgot password API. I think it would be helpful to add an API endpoint to allow an admin to get a user using a password reset token.

Currently (with Stormpath's Password Reset Flow), I can generate a token and send a custom email with a password reset link that contains the token. The user can enter a new password on a custom form and then I can make another API request using just the token and the new password to reset the user's password.

Okta, however, requires that users have a recovery question and answer set in order to reset the password in their Forgot Password Flow. Apparently, the Stormpath migration generates a random question and random answer as users are being imported. I can do the same as well for my new users, but that would require storing the random answer in my database which I do not want to do.

A quick workaround would be to add an API endpoint that would allow admins to get the corresponding user for a reset password token. Then, I can use the update user API to set the user's password.

Does this proposed API endpoint make sense? Or does anyone have a better suggestion (hack) to reset a user's password without requiring a recovery question and answer?