Describe the bug?
Resetting an active Okta SMS factor using the UserFactorApi.DeleteFactorAsync with removeEnrollmentRecovery = true, the SMS factor status is set to "NOT_SETUP", but the registered phone number is not removed. As a result, when re-enrolling the SMS factor with the same phone number, the factor is set to "ACTIVE" with no passcode sent or verified.
await _userFactorApi.DeleteFactorAsync(userId, factorId, removeEnrollmentRecovery: true);
Using the Reset Factor API directly with the "removeRecoveryEnrollment" query parameter successfully deletes the stored phone number.
{{url}}/api/v1/users/{{userId}}/factors/{{factorId}}?removeRecoveryEnrollment=true
What is expected to happen?
Using UserFactorApi.DeleteFactorAsync with removeEnrollmentRecovery = true should delete the registered phone number in addition to setting the SMS factor status to "NOT_SETUP".
What is the actual behavior?
The SMS factor status is set to "NOT_SETUP", but the registered phone number is not deleted.
Reproduction Steps?
Enroll and activate the Okta SMS factor using any valid method
await _userFactorApi.DeleteFactorAsync(userId, factorId, removeEnrollmentRecovery: true);
{{url}}/api/v1/users/{{userId}}/factors/catalog
{
  "factorType": "sms",
  "provider": "OKTA",
  "vendorName": "OKTA",
  "_links": {
    "enroll": {
      "href": "https://dev-#####.okta.com/api/v1/users/{{userId}}/factors",
      "hints": { "allow": [ "POST" ] }
    }
  },
  "status": "NOT_SETUP",
  "enrollment": "OPTIONAL",
  "_embedded": {
    "phones": [
      {
        "id": "{{factorId}}",
        "profile": { "phoneNumber": "+12125551212" },
        "status": "ACTIVE"
      }
    ]
  }
}
Additional Information?
UserFactorApi.DeleteFactorWithHttpInfoAsync sets the query parameter "removeEnrollmentRecovery", but the Factor API docs list the parameter as "removeRecoveryEnrollment".
localVarRequestOptions.QueryParameters.Add(Okta.Sdk.Client.ClientUtils.ParameterToMultiMap("", "removeEnrollmentRecovery", removeEnrollmentRecovery));
Factors | Okta Developer https://developer.okta.com/docs/reference/api/factors/#reset-factor
.NET Version
.NET Framework 4.8.4614.0
SDK Version
6.0.6
OS version
BuildNumber: 14393
Caption: Microsoft Windows Server 2016 Standard
OSArchitecture: 64-bit
Version: 10.0.14393
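
A workaround and post-reset check for the behaviour reported above, added here as an example and not taken from the issue or from the Okta SDK: it calls the Reset Factor endpoint with the documented `removeRecoveryEnrollment` parameter over `HttpClient`, then reads the factor catalog and fails if a phone is still embedded under the SMS entry. The class and method names, the `SSWS` API-token client setup, and the use of the System.Text.Json package are assumptions.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class SmsFactorReset
{
    // Assumed setup: orgUrl and apiToken are placeholders supplied by the caller.
    public static HttpClient CreateClient(string orgUrl, string apiToken)
    {
        var client = new HttpClient { BaseAddress = new Uri(orgUrl) };
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("SSWS", apiToken);
        return client;
    }

    // True when the factor catalog still embeds a phone under the SMS entry,
    // which is the state shown in the issue after the SDK reset.
    public static bool HasStalePhone(string catalogJson)
    {
        using (var doc = JsonDocument.Parse(catalogJson))
        {
            var root = doc.RootElement;
            var entries = root.ValueKind == JsonValueKind.Array
                ? root.EnumerateArray().ToArray() : new[] { root };
            return entries.Any(e =>
                e.TryGetProperty("factorType", out var type) && type.GetString() == "sms" &&
                e.TryGetProperty("_embedded", out var embedded) &&
                embedded.TryGetProperty("phones", out var phones) &&
                phones.ValueKind == JsonValueKind.Array && phones.GetArrayLength() > 0);
        }
    }

    // Resets with the documented parameter name, then fails loudly if the number survived.
    public static async Task ResetAndVerifyAsync(HttpClient okta, string userId, string factorId)
    {
        var factors = $"/api/v1/users/{Uri.EscapeDataString(userId)}/factors";
        var reset = $"{factors}/{Uri.EscapeDataString(factorId)}?removeRecoveryEnrollment=true";
        using (var response = await okta.DeleteAsync(reset))
        {
            response.EnsureSuccessStatusCode();
        }
        var catalog = await okta.GetStringAsync($"{factors}/catalog");
        if (HasStalePhone(catalog))
            throw new InvalidOperationException(
                "SMS reset left a registered phone number; re-enrollment could activate without a passcode.");
    }
}
```

`HasStalePhone` can also be run on its own against the catalog response after an SDK-driven reset to confirm whether a given SDK version still leaves the number behind.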