Failed with doing an Authn API in Password Import Inline Hook's external application

Hi,

I’m trying to import users’ passwords from “org A” to “org B” by using the Password Import Inline Hook. I set up an external application which will trigger the Authn API to authenticate the users’ credentials in “org A” when they log in to “org B”. However, the Authn API call does not seem to be executed. My code is as follows:

app.post("/passwordImport", passwordImportValidation, (req, res) => {
  const credentials = req.body.data.context.credential;

  var raw = JSON.stringify({
    "username": credentials.username,
    "password": credentials.password,
  });
  
  fetch("https://<org A domain>/api/v1/authn", {
    method: 'POST',
    body: raw,
    headers: {
      "Content-Type": "application/json;charset=UTF-8",
      "Access-Control-Allow-Origin": "*",
      "Access-Control-Allow-Methods": "POST",
      "Access-Control-Allow-Headers": "Content-Type"
    }
  })
  .then((response) => {
    if (response.status === 200) {
      return res.status(200).json({
        commands: [
          {
            type: "com.okta.action.update",
            value: {
              credential: "VERIFIED",
            },
          },
        ],
      });
    } else {
      console.log("Not verified. Password not imported.");
      return res.status(204).send();
    }
  })
  .catch(error => console.log('error', error))
});

Brief description: The code will take in the credentials when users log in to “org B”. Then, it will trigger the fetch function to make the POST request to the Authn API of “org A”. If the credentials are verified, it should return the needed res.status(200) and the command. After that, “org B” will store the credentials and the password is imported successfully.

I’m sure that my Password Import Inline Hook is set up correctly because if I use a hardcoded credentials check, such as the one in the Okta documentation example, the credentials can be imported.

If anyone has any suggestions, it might help me a lot. Thanks!

It’s not quite clear from your explanation what exactly goes wrong inside your code. Is it not triggered at all? Is it not getting to the .then section, or something else?

Hi phi1ipp,

Thanks for the response. I think that the fetch function is not triggered at all, or it is not getting to the .then section. The credentials are passed in correctly, so I expect the fetch function to POST to the Authn API to verify the credentials in “org A”. Then, it should return the “res.status(200)” with the command so that “org B” can accept the credentials and store them. However, “org B” doesn’t get the return status and the command.

If fetch is not triggered, then it only means one thing: your /passwordImport path is never called. Double check how you call this endpoint.

That was my first thought as well. However, when I tried with the following code, the /passwordImport is called successfully. So I believe that I call this endpoint in the right way.

app.post("/passwordImport", passwordImportValidation, (req, res) => {
  const errors = validationResult(req);

  if (!errors.isEmpty()) {
    return res.status(400).json({ errors: errors.array() });
  }

  const credentials = req.body.data.context.credential;

  if (credentials.username === "test.hook@test.com" && credentials.password === "a1234567") {
    console.log("Password verified! Password imported.");
    return res.status(200).json({
      commands: [
        {
          type: "com.okta.action.update",
          value: {
            credential: "VERIFIED",
          },
        },
      ],
    });
  }
  
  console.log("Not verified. Password not imported.");
  return res.status(204).send();
})

I’d suggest removing all the headers from the original fetch except Content-Type and Accept and trying again. You can actually make this call from your browser to experiment with the headers required (don’t forget to add the CORS domain in Okta), like it’s done here: Authentication | Okta Developer

Tried it, but the fetch function is still not triggered.
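
Added example, not part of the thread or of Okta's sample code: the handler in the first post only logs inside `.catch` and sends no response on that path, so this sketch shows a verification step that always yields a hook response and fails closed on a non-200 status, a network error, a timeout, or a missing `fetch`. The names `verifyAgainstOrgA`, `VERIFIED` and `UNVERIFIED`, the injectable `fetchImpl` parameter and the 2500 ms timeout are assumptions made for illustration.

```javascript
// Added example; verifyAgainstOrgA, VERIFIED and UNVERIFIED are hypothetical names.
// fetchImpl is injectable so the logic can be exercised offline with a stub.
const VERIFIED = {
  status: 200,
  body: { commands: [{ type: "com.okta.action.update", value: { credential: "VERIFIED" } }] },
};
const UNVERIFIED = { status: 204, body: null };

async function verifyAgainstOrgA(credential, authnUrl, fetchImpl = globalThis.fetch, timeoutMs = 2500) {
  if (typeof fetchImpl !== "function") {
    // Runtimes without a global fetch would otherwise throw before any response is sent.
    console.error("no fetch implementation available");
    return UNVERIFIED;
  }
  // Abort the upstream call after timeoutMs (constructed value) so the hook still gets an answer.
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    const response = await fetchImpl(authnUrl, {
      method: "POST",
      // Only request headers; Access-Control-* are response headers and do nothing here.
      headers: { "Content-Type": "application/json", Accept: "application/json" },
      body: JSON.stringify({ username: credential.username, password: credential.password }),
      signal: controller.signal,
    });
    // Same rule as the original post: HTTP 200 from org A means the password checks out.
    return response.status === 200 ? VERIFIED : UNVERIFIED;
  } catch (err) {
    // Network failure or timeout: log the error type (never the password) and fail closed.
    console.error("authn call failed:", err.name);
    return UNVERIFIED;
  } finally {
    clearTimeout(timer);
  }
}

// Express wiring, assuming the app and passwordImportValidation from the first post:
// app.post("/passwordImport", passwordImportValidation, async (req, res) => {
//   const r = await verifyAgainstOrgA(req.body.data.context.credential,
//                                     "https://<org A domain>/api/v1/authn");
//   return r.body ? res.status(r.status).json(r.body) : res.status(r.status).send();
// });
```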