Using Postman to test login Gets Error


#1

I have successfully imported an existing user using Postman with BCrypt hashed password, and now I am trying to login using the “Primary Authentication with Trusted Application” template in Postman, and all I get is error “Bad request”.

What do I need in the post to successfully log the user in?
{
“username”: “Test123”,
“password” : “xxxxxxxxxx”,
“context”: {
“deviceToken”: “26q43Ak9Eh04p7H6Nnx0m69JqYOrfVBY”
}
}

My headers have Accept and Content-Type set to “application/json” and Authorization set to the same token I used to create the user.

Thank you,


#2

I wasn’t able to reproduce this myself. Here’s what I did:

Created a bcrypt hash via https://bcrypt-generator.com/
Hashed Testing1234! with 12 rounds, which produces:

 $2y$12$xndUzOKo.LmDQeAet4Y1yegiTznWRZBlARf.JU97iDUtLDsSR/gt2

The first 22 characters after $2y$12$ is the salt: xndUzOKo.LmDQeAet4Y1ye

I created a user with this salt and cipher text:

POST /api/v1/users?activate=true

{
  "profile": {
    "firstName": "Bcrypt",
    "lastName": "Tester",
    "email": "bcrypttester@example.com",
    "login": "bcrypttester@example.com"
  },
  "credentials": {
    "password" : {
      "hash": {
        "algorithm": "BCRYPT",
        "workFactor": 12,
        "salt": "xndUzOKo.LmDQeAet4Y1ye",
        "value": "giTznWRZBlARf.JU97iDUtLDsSR/gt2"
      }
    }
  }
}

200 OK
... user profile

Then, I tried the Primary Authentication with Trusted Application request in Postman:

POST /api/v1/authn

{
  "username": "bcrypttester@example.com",
  "password" : "Testing1234!",
  "options": {
    "multiOptionalFactorEnroll": true,
    "warnBeforePasswordExpired": true
  },  
  "context": {
    "deviceToken": "26q43Ak9Eh04p7H6Nnx0m69JqYOrfVBY"
  }
}  

200 OK
{
    "stateToken": "00r--Q2C3opQ4Vcj4eaw9UwjZYpSbDv8bqS-mxsoV4",
    ...
}

I’m not sure why you would get a bad request error. Can you post your full request trace?