I’m using the curl call here: Users | Okta Developer to create a user in my dev okta account with a hashed password. Okta returns that the user was created and the user appears in the “Directory” > “People” list. The account status is “Active”.
However, when I try to login to the dev okta account using that user and the password that was used it doesn’t work. The logs show “INVALID_CREDENTIALS”. Does okta change the password somehow after the user is created, or is there something else that could be blocking this account from logging in?
I am sending the curl request from a php script, and our passwords use sha-256 encoding . I saw this page that explains how to handle sha-256, but it uses examples in python: The Ultimate Guide to Password Hashing in Okta | Okta Developer In my php script I’ve tried sending the salt and value as-is, with base64_encode($salt), and with base64_decode(base64_encode($salt)) (trying to follow the python example), and nothing worked.
$url = $base_url . '/api/v1/users?activate=' . $activate;
$headers = $this->standard_curl_headers;
$data = array();
$data['profile'] = array(
'firstName' => $first_name,
'lastName' => $last_name,
'login' => $login,
'email' => $email,
);
$data['credentials']['password']['hash'] = array(
'algorithm' => $algorithm,
'salt' => base64_decode(base64_encode($salt)),
'value' => base64_decode(base64_encode($hash_pass)),
);
if($salt_order){
$data['credentials']['password']['hash']['saltOrder'] = $salt_order;
}
unset($ch);
$ch = curl_init($url);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
$curl_options = $this->get_standard_curl_options(array());
curl_setopt_array($ch, $curl_options);
$return = curl_exec($ch);
curl_close($ch);