search

okta / okta-sdk-python

Apache License 2.0
236 stars 142 forks source link

Okta HTTP 400 E0000001 Api validation failed: Property not found (when they are available in payload) #421

Open qbui-os opened 6 days ago

qbui-os commented 6 days ago

Okta version: 2.9.8

Descriptions

Hi, I am trying to update an Application User profile using update_application_user() but keep encountering this error:

Okta HTTP 400 E0000001 Api validation failed: assignment\nProperty 'givenName' not found. Property 'familyName' not found"

The problem is, givenName & familyName properties are already existing inside the User profile payload & not NULL. I cannot provide the payload due to customer data protection policy, but the profile looks something like this.

'profile': {'streetAddress': '',
  'zoneinfo': 'America/Los_Angeles',
  'locale': 'en-US',
  'nickname': 'aasdsad',
  'email': 'example@gmail.com',
  'locality': '',
  'givenName': 'asasc',
  'accountId': 'someId',
  'name': 'asasc aaaa',
  'phoneNumber': '',
  'userType': 'some type',
  'region': '',
  'familyName': 'aaaa'},

What I have done

  1. https://github.com/okta/okta-sdk-python?tab=readme-ov-file#update-a-user
  2. Passing the updated AppUser object to app_user param
  3. Convert the AppUser to a dict and pass the dict to app_user param
  4. Adding assignment: {givenName, familyName} property to the User dict
  5. Adding giveName and familyName directly to the User dict
  6. Adding give_name and family_name to User profile (based on sample on Okta API Doc, I thought maybe there is some sort of mapping?)
  7. I even pass the original AppUser (without modification) to app_user, still the same error
qbui-os commented 6 days ago

Also I did follow the instruction to fetch the Application User, then modify the profile, I did not generate the profile by code.

qbui-os commented 6 days ago

I tried the above steps for many hours before submitting this ticket. However, I successfully moved pass the error just now.

What I did

I simply removed all the properties in the profile that I don't wanna update (or keep the current value from Okta), and it just work?...

I only needed to change the accountId, so my successful payload was:

{'profile': {'accountId': 'newId'}}

This is REALLY confusing, because the only reason I kept the entire App User profile fetched on Okta is because of this note on the Okta API Doc:

Note: The Okta API currently doesn't support entity tags for conditional updates. As long as you're the only user updating the the user profile, Okta recommends you fetch the most recent profile with Retrieve an Application User, apply your profile update, and then POST back the updated profile.

I noticed the strange behavior while playing with the keep_empty_params flag, when I set it to True, even more properties appear in the error message (all of the existed and not null/empty, yet were reported 'not found' by the error). So I took a wild guess "less is more" and deleted all the unchanged properties and gave it one last go, and... WALAH.

My thoughts

  1. The error message is very confusing, it really had nothing to do with what was going wrong at all, all the required properties were there.
  2. The OKTA API Doc note, just why? Did I misunderstood the note, because I don't really know how else to interpret it.