Asgardeo UserManagementAPI: Inconsistent Error in Asgardeo Create User/Bulk Create User


We were trying to create a user in Asgardeo using UserManagementAPI.

POST https://api.asgardeo.io/t/asgardeo/scim2/Bulk

Request Body:

{
  "failOnErrors": 0,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
  ],
  "Operations": [
    {
      "method": "POST",
      "bulkId": "ezYkd",
      "path": "/Users",
      "data": {
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User"
        ],
        "userName": "DEFAULT/[email protected]",
        "emails": [
          {
            "primary": true,
            "value": "[email protected]"
          }
        ],
        "name": {
          "familyName": "Olie",
          "givenName": "Santos"
        },
        "urn:scim:wso2:schema": {
          "askPassword": true
        }
      }
    }
  ]
}

Response Body:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:BulkResponse"
  ],
  "Operations": [
    {
      "bulkId": "ezYkd",
      "method": "POST",
      "response": "{\"schemas\":[\"urn:ietf:params:scim:api:messages:2.0:Error\"],\"scimType\":\"invalidValue\",\"detail\":\"The minimum length of password should be 8.\",\"status\":\"400\"}",
      "status": {
        "code": 400
      }
    }
  ]
}

However, if you try the same request on POST https://api.asgardeo.io/t/asgardeo/scim2/Users

Request Body:

{
  "userName": "DEFAULT/[email protected]",
  "emails": [
    {
      "primary": true,
      "value": "[email protected]"
    }
  ],
  "name": {
    "familyName": "Olie",
    "givenName": "Santos"
  },
  "urn:scim:wso2:schema": {
    "askPassword": true
  }
}

Response Body:

{
  "emails": [
    "[email protected]"
  ],
  "meta": {
    "created": "2023-03-21T00:46:31.404271Z",
    "location": "https://api.asgardeo.io/t/ascension/scim2/Users/6f355967-706d-4b08-b1a0-633a8bccd151",
    "lastModified": "2023-03-21T00:46:31.727462Z",
    "resourceType": "User"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
    "urn:scim:wso2:schema"
  ],
  "roles": [
    {
      "display": "everyone",
      "value": "7e044e9c-7b9b-47bf-b542-098362f8ac86",
      "$ref": "https://api.asgardeo.io/t/ascension/scim2/Roles/7e044e9c-7b9b-47bf-b542-098362f8ac86"
    }
  ],
  "name": {
    "givenName": "Santos",
    "familyName": "Olie"
  },
  "id": "6f355967-706d-4b08-b1a0-633a8bccd151",
  "userName": "DEFAULT/[email protected]",
  "urn:scim:wso2:schema": {
    "accountLocked": "true",
    "accountState": "PENDING_AP",
    "lockedReason": "PENDING_ASK_PASSWORD",
    "userSource": "DEFAULT",
    "idpType": "Local",
    "isReadOnlyUser": "false"
  }
}

What is weird is, when we successfully create a user using the Users Endpoint, we can now create a user using the Bulk Endpoint.

POST https://api.asgardeo.io/t/asgardeo/scim2/Bulk

Request Body:

{
  "failOnErrors": 0,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
  ],
  "Operations": [
    {
      "method": "POST",
      "bulkId": "ezYkd",
      "path": "/Users",
      "data": {
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User"
        ],
        "userName": "DEFAULT/[email protected]",
        "emails": [
          {
            "primary": true,
            "value": "[email protected]"
          }
        ],
        "name": {
          "familyName": "Olie+1",
          "givenName": "Santos"
        },
        "urn:scim:wso2:schema": {
          "askPassword": true
        }
      }
    }
  ]
}

Response Body:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:BulkResponse"
  ],
  "Operations": [
    {
      "bulkId": "ezYkd",
      "method": "POST",
      "location": "https://api.asgardeo.io/t/ascension/scim2/Users/a13a6e05-ed92-4071-87a9-aeeaede4fd30",
      "status": {
        "code": 201
      }
    }
  ]
}

We were expecting that the initial call to POST https://api.asgardeo.io/t/asgardeo/scim2/Bulk would already successfully create the user, instead of having to call the Users Endpoint.

Request Body:

{
  "failOnErrors": 0,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
  ],
  "Operations": [
    {
      "method": "POST",
      "bulkId": "ezYkd",
      "path": "/Users",
      "data": {
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User"
        ],
        "userName": "DEFAULT/[email protected]",
        "emails": [
          {
            "primary": true,
            "value": "[email protected]"
          }
        ],
        "name": {
          "familyName": "Olie",
          "givenName": "Santos"
        },
        "urn:scim:wso2:schema": {
          "askPassword": true
        }
      }
    }
  ]
}

There is 1 answer

Answer by Deshan Koswatte:

This issue might be caused due to the fact that we generate a random password for a user if he/she is created with the askPassword option. Basically what happens is as follows:

  • User creation request is initiated with the askPassword option.
  • Since the askPassword option is available in the request, Asgardeo generates a random password for that user.
  • Unfortunately, sometimes the randomly generated password might not adhere to the password policy defined in the Asgardeo side hence causing this issue.

We will need to check this behavior further to confirm the above. If the above mentioned is the reason, we should possibly add a suitable fix for it. We will keep you updated on this thread.
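The following is an added example, not code from the question, the answer, or Asgardeo. It shows how a provisioning client can read the Bulk response above: the per-operation error arrives as a JSON string inside `response`, and a password-policy error on an `askPassword` request that carried no password can be set apart for a bounded retry, assuming the explanation in the answer holds. The function name, the outcome labels and the placeholder `userName` are assumptions.

```python
import json

WSO2_EXT = "urn:scim:wso2:schema"

def classify_bulk(request, response):
    """Return [(bulkId, outcome, detail)] for every BulkResponse operation."""
    sent = {op["bulkId"]: op for op in request["Operations"]}
    results = []
    for op in response["Operations"]:
        bulk_id = op.get("bulkId")
        code = int(op.get("status", {}).get("code", 0))
        if 200 <= code < 300:
            results.append((bulk_id, "created", op.get("location")))
            continue
        # The per-operation error body is a JSON *string*, not an object.
        raw = op.get("response")
        try:
            err = json.loads(raw) if isinstance(raw, str) else raw
        except json.JSONDecodeError:
            err = None
        detail = err.get("detail", "") if isinstance(err, dict) else str(raw)
        data = sent.get(bulk_id, {}).get("data", {})
        ask = data.get(WSO2_EXT, {}).get("askPassword") is True
        # A password complaint on a request that carried no password means
        # the rejected value was generated on the server side.
        if (code == 400 and ask and "password" not in data
                and "password" in detail.lower()):
            results.append((bulk_id, "retryable", detail))
        else:
            results.append((bulk_id, "failed", detail))
    return results

# Constructed sample shaped like the page's request; userName is a placeholder.
REQUEST = {"Operations": [{
    "method": "POST", "bulkId": "ezYkd", "path": "/Users",
    "data": {"userName": "DEFAULT/user@example.com",
             WSO2_EXT: {"askPassword": True}}}]}
# Failure response as shown on the page (error body nested as a string).
FAILURE = {"Operations": [{
    "bulkId": "ezYkd", "method": "POST",
    "response": json.dumps({
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
        "scimType": "invalidValue",
        "detail": "The minimum length of password should be 8.",
        "status": "400"}),
    "status": {"code": 400}}]}

if __name__ == "__main__":
    for row in classify_bulk(REQUEST, FAILURE):
        print(row)
```

Only the per-operation `status.code` says whether a user was created, so a client that checks just the outer Bulk response would miss this failure.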