I created an Okta user via the .NET SDK by passing a Base64 (postfixed) hashed password and a Base64 salt string.
I computed the hash of my plain password with that salt and compared it with the hashed password; they are the same. I managed to create a new user in Okta using the code below; however, I can't use my plain password to log in to Okta.
```csharp
private async Task<OktaModel.User> NewOktaUser(UserApi userApi, UserInfo userInfo, string hashedPassword)
{
    // GetSHA512Salt is a helper that is not shown in this post.
    var saltBytes = GetSHA512Salt(hashedPassword);
    var saltString = Convert.ToBase64String(saltBytes);

    // Create user
    var createUserReq = new OktaModel.CreateUserRequest();
    createUserReq.Profile = new OktaModel.UserProfile()
    {
        FirstName = userInfo.FirstName,
        LastName = userInfo.LastName,
        Email = userInfo.EmailAddress,
        Login = userInfo.Username,
        AdditionalProperties = new Dictionary<string, object>() {
            { "externalObjectId", userInfo.ObjectID },
            { "externalTenantId", Config.ConfigurationManager.AppSettings["okta:PortalId"] }
        }
    };

    // Import the existing hash instead of a plain-text password.
    createUserReq.Credentials = new OktaModel.UserCredentials()
    {
        Password = new OktaModel.PasswordCredential()
        {
            Hash = new OktaModel.PasswordCredentialHash()
            {
                Algorithm = OktaModel.PasswordCredentialHashAlgorithm.SHA512,
                Salt = saltString,
                SaltOrder = "POSTFIX",
                Value = hashedPassword
            }
        }
    };

    // Second argument: activate the user on creation.
    return await userApi.CreateUserAsync(createUserReq, true);
}
```
Did I do anything wrong? I am thinking the hash algorithm in Okta is different from the one in .NET?
Or if anyone could provide a working example in .NET, I would really appreciate it!
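
An offline check for the `Salt`, `SaltOrder` and `Value` fields sent in the request above, added here as an example (it is not code from the original post or from the Okta SDK). It follows Okta's documented format for salted SHA-512 imports, where `Value` is the Base64 of the bare digest over the password with the salt appended (`POSTFIX`) or prepended (`PREFIX`); the UTF-8 password encoding and the names `OktaHashCheck`, `Digest` and `Diagnose` are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not part of the Okta SDK: checks a password/salt/value triple offline.
public static class OktaHashCheck
{
    // POSTFIX hashes password + salt, PREFIX hashes salt + password.
    // Assumption: password is UTF-8 encoded, salt is the raw bytes behind the Base64 string.
    public static byte[] Digest(string password, string saltBase64, string saltOrder)
    {
        byte[] pwd = Encoding.UTF8.GetBytes(password);
        byte[] salt = Convert.FromBase64String(saltBase64);
        byte[] input = saltOrder == "PREFIX" ? salt.Concat(pwd).ToArray() : pwd.Concat(salt).ToArray();
        using (var sha = SHA512.Create()) return sha.ComputeHash(input);
    }

    public static string Diagnose(string password, string saltBase64, string saltOrder, string valueBase64)
    {
        byte[] value = Convert.FromBase64String(valueBase64);
        if (value.Length != 64) // SHA-512 digests are always 64 bytes
            return "value decodes to " + value.Length + " bytes, so it is not a bare SHA-512 digest";
        byte[] expected = Digest(password, saltBase64, saltOrder);
        int diff = 0; // compare without an early exit on the first differing byte
        for (int i = 0; i < 64; i++) diff |= expected[i] ^ value[i];
        return diff == 0 ? "consistent" : "digest mismatch: check salt order, salt bytes and password encoding";
    }

    public static void Main()
    {
        // Constructed sample data, not taken from the post.
        string password = "Constructed-Passw0rd!";
        byte[] saltBytes = Enumerable.Range(1, 16).Select(i => (byte)i).ToArray();
        string salt = Convert.ToBase64String(saltBytes);

        byte[] digest = Digest(password, salt, "POSTFIX");
        Console.WriteLine(Diagnose(password, salt, "POSTFIX", Convert.ToBase64String(digest)));
        // Same digest checked with the wrong salt order.
        Console.WriteLine(Diagnose(password, salt, "PREFIX", Convert.ToBase64String(digest)));
        // Constructed blob of digest followed by salt: fails the length check.
        byte[] blob = digest.Concat(saltBytes).ToArray();
        Console.WriteLine(Diagnose(password, salt, "POSTFIX", Convert.ToBase64String(blob)));
    }
}
```

Running `Diagnose` on the exact strings placed in `Salt` and `Value` before calling `CreateUserAsync` shows whether the stored value is a bare 64-byte digest and whether the salt order matches how the hash was originally produced.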