search

okta / okta-sdk-php

PHP SDK for the Okta API
Apache License 2.0
38 stars 71 forks source link

Unable to activate a deactivated user #73

Closed LarryBarker closed 4 years ago

LarryBarker commented 4 years ago

I am trying to manage users by deactivating their Okta account from my custom web app. I can make the call using the SDK to deactivate the user; however, when I try to reactivate them, I am getting errors that the resource does not exist.

The code below works to deactivate the user:

try {
            $user = new \Okta\Users\User();
            $foundUser = $user->get($model->okta_id);
            $foundUser->endAllSessions(true);
            $foundUser->deactivate();
        } catch (Exception $e) {
            $this->handleError($e);
        }

This code below to activate the user is failing:

try {
            $userToRestore = User::withTrashed()->find($recordId);
            $user = new \Okta\Users\User();
            $foundUser = $user->get(/*OKTA_ID*/);
            $foundUser->activate();
        } catch (Exception $e) {
            $this->handleError($e);
        }

which produces the following error: image

I have been able to use the suspend() method on the Okta\Users\User class, although I would prefer to deactivate the account so I can send an activation email when the user is re-activated.

@bretterer Do you have any thoughts?

Thanks!

bretterer commented 4 years ago

As best as I can tell, your method is correct for doing this. Are you positive that the id does still exist in your organization after deactivation? is there something that may be changing the id in your local database when you go to find the user?

The way Users work in Okta, you have to deactivate a user before deleting them, this is why we have a deactivate method. https://github.com/okta/okta-sdk-php/blob/aeaeb83076beea99891390f547500c77517516b5/src/Generated/Users/User.php#L524

In order to delete a user, you would have to actually make two calls, one to deactivate and the second to delete, as the tests do for this https://github.com/okta/okta-sdk-php/blob/develop/tests/Integration/UsersTest.php#L61

I would confirm that the user id that you get back from User::withTrashed()->find($recordId); is in fact the same id you get from $user->get($model->okta_id) before your deactivate call

LarryBarker commented 4 years ago

@bretterer I'm certain the user exists in the organization. The only request I am making is to deactivate the user, as described in my code sample above. Here is a screen of the deactivated user Seems to be working now, not sure what was going on before. Do you have any thoughts on my question below?

I have a similar issue regarding creating new users from our custom web app. Is it possible to "create" the user in our organization without sending the activation email? We want to "stage" users in the organization and use a queue worker to fire off the activation emails.

bretterer commented 4 years ago

The User object's create method allows for you to pass query params into it

https://github.com/okta/okta-sdk-php/blob/develop/src/Generated/Users/User.php#L41

This would mean you could do something like User::create(['activate'=>false]) which should not send activation emails by default.

LarryBarker commented 4 years ago

Ah, I see what our issue is. We’re using v1.0 of the SDK which doesn’t include this parameter for creating users.

bretterer commented 4 years ago

@LarBearrr - Doing some repo cleanup, and it appears this issue is in fact resolved with the updated SDK. If you are still having this issue, please feel free to re-open the report.