okta / okta-sdk-php

PHP SDK for the Okta API
Apache License 2.0

Verifying password updates #89

Open LarryBarker opened 4 years ago

LarryBarker commented 4 years ago

@bretterer Sorry to trouble you again with another question. I'm noticing that users can make a request to update their password, and that in some cases the request fails because the password does not meet the criteria.

My issue is that I am not able to catch any exceptions to provide feedback to the user. Here is my code:

    try {
        $user = new \Okta\Users\User();
        $oktaUser = $user->get($this->user->okta_id);
        $credentials = new \Okta\Users\UserCredentials();

        $passwordCredential = new \Okta\Users\PasswordCredential();
        $passwordCredential->setValue(input('User[password]'));
        $credentials->setPassword($passwordCredential);

        $oktaUser->setCredentials($credentials);
        Log::info("Updated password for {$this->user->email}.");
    } catch (Exception $e) {
        Log::error("Failed updating password for {$this->user->email}. \r\n {$e->getMessage()}");
    }

I know this works to change the password as long as it meets the criteria. However, anytime I try using an invalid password, the code does not fail, and there are logs indicating the call was successful.

I looked at the user tests but did not see any clear indication of how to handle this use case? Your feedback is always appreciated! Thank you!

bretterer commented 4 years ago

Hi @LarryBarker!

Thanks for reporting this. I have not seen this error before so I will have to look into it. We are currently in the process of updating our SDK with all sorts of new endpoints and features. During this, I will make sure to create a test around this to make sure that it does not happen in the future.

For your issues now, I will have to dig into what is going on here and see if there is a workaround.

Is this a blocker for your project, or is this something you can work around until we find a resolution, or figure out what is happening here?

-Brian

LarryBarker commented 4 years ago

It’s not a huge blocker, I don’t know how many users are trying to change passwords in our app anyway. More of an inconvenience, because if they do attempt to change it to something that is not meeting criteria, I can’t confirm the request failed and let them know.

I’m getting around it by using form validation in Laravel, and specifying the requirements and validation rules.

Obviously it’d be much nicer to catch the response and use it to inform the user, vs keeping validation rules in sync with the policy.

I know you’re working on the SDK, excited to see what changes you have!

Thanks, Larry

github-actions[bot] commented 3 years ago

This issue has been marked stale because there has been no activity within the last 14 days. To keep this issue active, remove the stale label.