500 error when validating OTP code

By: Joe Smith user 02 Jan 2022 at 10:25 p.m. CST

4 Responses
Joe Smith gravatar
## expected behavior returns 400 or 200 response to handle ## actual behavior returns "code: FAILURE" I am managing users in my own database. Some users enroll multiple devices, others only one. All ports are open and CORS is correctly configured. Steps to reproduce: - Create user via SCIM API - Request QR code via Enrollments API (/casa/rest/enrollment/otp/qr-request) with user - Validate code via Enrollments API (casa/rest/enrollment/otp/validate-code) Last step returns 500 error. This is very hit and miss. Sometimes it works, sometimes it doesnt.
Gluu 4.3 Ubuntu 20.0
closed

Answers

By Mobarak Hosen Shakil staff 03 Jan 2022 at 10:07 p.m. CST

Copy
Mobarak Hosen Shakil gravatar
Hi Joe Smith, Can you explain a bit more? any logs to share? I could not understand what do you mean by **own database**! is that opendj? Regards ~ Shakil

By Jose Gonzalez staff 04 Jan 2022 at 4:05 p.m. CST

Copy
Jose Gonzalez gravatar
He must be talking about Casa enrollment API... definitely he could have done a better job describing the issue Joe, if you can collect some sample parameters for both calls (qr-request and validate-code) that result in failure, we might study what's wrong. So far, I can say that `"code: FAILURE"` may be caused by: - `mode` param different than `hotp` or `totp` - `key` param not being properly URL-encoded. This is important because the value is passed in the query string. This is a PHP [example](https://www.php.net/manual/en/function.urlencode.php)

By Joe Smith user 20 Jan 2022 at 7:31 p.m. CST

Copy
Joe Smith gravatar
Getting the QR code (qr-request) works just fine without fail (thanks!) Here is more info for the validate-code "VALIDATE CODE" "https://gluuserver.com/casa/rest/enrollment/otp/validate-code?mode=totp&code=123123&key=79WUORGsq+uxIT/UDZD516F4fRo=" @Jose.Gonzalez

By Jose Gonzalez staff 24 Jan 2022 at 7:48 a.m. CST

Copy
Jose Gonzalez gravatar
In the example given I can see there are still problems with encoding... If `qr-request` returned `79WUORGsq+uxIT/UDZD516F4fRo=` you should not pass that value straight in the query string... it needs [safe url encoding](https://en.wikipedia.org/wiki/Percent-encoding) If you do `.../casa/rest/enrollment/otp/validate-code?mode=totp&code=123123&key=79WUORGsq%2BuxIT%2FUDZD516F4fRo%3D` things will be different.

Post an answer