Creating user through api works but can't login

I’m using the curl call here: Users | Okta Developer to create a user in my dev okta account with a hashed password. Okta returns that the user was created and the user appears in the “Directory” > “People” list. The account status is “Active”.

However, when I try to log in to the dev okta account using that user and the password that was used, it doesn’t work. The logs show “INVALID_CREDENTIALS”. Does okta change the password somehow after the user is created, or is there something else that could be blocking this account from logging in?

I am sending the curl request from a php script, and our passwords use sha-256 encoding. I saw this page that explains how to handle sha-256, but it uses examples in python: The Ultimate Guide to Password Hashing in Okta | Okta Developer. In my php script I’ve tried sending the salt and value as-is, with base64_encode($salt), and with base64_decode(base64_encode($salt)) (trying to follow the python example), and nothing worked.

			$url = $base_url . '/api/v1/users?activate=' . $activate;

			$headers = $this->standard_curl_headers;
			
			$data = array();
			$data['profile'] = array(
				'firstName' => $first_name,
				'lastName' => $last_name,
				'login' => $login,
				'email' => $email,
			);
			$data['credentials']['password']['hash'] = array(
				'algorithm' => $algorithm,
				'salt'  => base64_decode(base64_encode($salt)),
				'value'  => base64_decode(base64_encode($hash_pass)),
			);
			if($salt_order){
				$data['credentials']['password']['hash']['saltOrder'] = $salt_order;
			}
			
			unset($ch);
			$ch = curl_init($url);
			
			curl_setopt($ch, CURLINFO_HEADER_OUT, true);
			curl_setopt($ch, CURLOPT_HEADER, 0);
			curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
			curl_setopt($ch, CURLOPT_POST, 1);
			curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
			$curl_options = $this->get_standard_curl_options(array());
			curl_setopt_array($ch, $curl_options);
			
			$return = curl_exec($ch);
			curl_close($ch);

It turned out the issue was with the hash() php function when it hashes the password. We just had to set the 3rd option to return binary to true and it’s working now.

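The fix described in the thread, as an added example that is not code from the original poster or from Okta: PHP's hash() returns hex text unless its third argument is true, so the sketch below normalises either form to base64 of the raw digest before building the credentials.password.hash object. Assumptions: Okta expects base64 of the raw digest bytes and of the salt, saltOrder takes PREFIX or POSTFIX, and the helper names and sample values are hypothetical.

```php
<?php
// Added example, not from the original post. Assumption: the hashed-password
// import wants base64 of the RAW digest bytes and base64 of the salt.

const SHA256_RAW_LEN = 32; // bytes in a raw SHA-256 digest

/** Normalise a stored digest (raw bytes or hex text) to base64 of the raw bytes. */
function digest_to_base64(string $digest): string
{
    if (strlen($digest) === SHA256_RAW_LEN) {
        return base64_encode($digest);              // already raw binary
    }
    if (strlen($digest) === 2 * SHA256_RAW_LEN && ctype_xdigit($digest)) {
        return base64_encode(hex2bin($digest));     // hex text, hash()'s default output
    }
    throw new InvalidArgumentException('Not a SHA-256 digest (raw or hex)');
}

/** Build credentials.password.hash; $saltOrder is PREFIX or POSTFIX. */
function build_hash_credentials(string $salt, string $digest, string $saltOrder): array
{
    return [
        'algorithm' => 'SHA-256',
        'salt'      => base64_encode($salt),
        'saltOrder' => $saltOrder,
        'value'     => digest_to_base64($digest),
    ];
}

// Constructed sample values, for illustration only.
$salt     = 'ConstructedSalt';
$password = 'Constructed-Passw0rd';

$hex = hash('sha256', $salt . $password);        // default: 64 hex characters
$raw = hash('sha256', $salt . $password, true);  // third argument true: 32 raw bytes

$fromHex = build_hash_credentials($salt, $hex, 'PREFIX');
$fromRaw = build_hash_credentials($salt, $raw, 'PREFIX');

// Both stored forms normalise to the same value once hex is decoded first.
var_dump($fromHex['value'] === $fromRaw['value']);
// Byte length behind a naive base64_encode($hex): ASCII hex, not the digest.
var_dump(strlen(base64_decode(base64_encode($hex))));
echo json_encode(['credentials' => ['password' => ['hash' => $fromRaw]]], JSON_PRETTY_PRINT), "\n";
```

Checking that the base64-decoded value is exactly 32 bytes before sending catches this class of mismatch early, since the create call succeeds either way and the problem only shows up later as INVALID_CREDENTIALS at login.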