By: Joe Smith user 02 Jan 2022 at 10:25 p.m. CST

4 Responses
Joe Smith gravatar
## expected behavior returns 400 or 200 response to handle ## actual behavior returns "code: FAILURE" I am managing users in my own database. Some users enroll multiple devices, others only one. All ports are open and CORS is correctly configured. Steps to reproduce: - Create user via SCIM API - Request QR code via Enrollments API (/casa/rest/enrollment/otp/qr-request) with user - Validate code via Enrollments API (casa/rest/enrollment/otp/validate-code) Last step returns 500 error. This is very hit and miss. Sometimes it works, sometimes it doesnt.

By Mobarak Hosen Shakil staff 03 Jan 2022 at 10:07 p.m. CST

Mobarak Hosen Shakil gravatar
Hi Joe Smith, Can you explain a bit more? any logs to share? I could not understand what do you mean by **own database**! is that opendj? Regards ~ Shakil

By Jose Gonzalez staff 04 Jan 2022 at 4:05 p.m. CST

Jose Gonzalez gravatar
He must be talking about Casa enrollment API... definitely he could have done a better job describing the issue Joe, if you can collect some sample parameters for both calls (qr-request and validate-code) that result in failure, we might study what's wrong. So far, I can say that `"code: FAILURE"` may be caused by: - `mode` param different than `hotp` or `totp` - `key` param not being properly URL-encoded. This is important because the value is passed in the query string. This is a PHP [example](https://www.php.net/manual/en/function.urlencode.php)

By Joe Smith user 20 Jan 2022 at 7:31 p.m. CST

Joe Smith gravatar
Getting the QR code (qr-request) works just fine without fail (thanks!) Here is more info for the validate-code "VALIDATE CODE" "https://gluuserver.com/casa/rest/enrollment/otp/validate-code?mode=totp&code=123123&key=79WUORGsq+uxIT/UDZD516F4fRo=" @Jose.Gonzalez

By Jose Gonzalez staff 24 Jan 2022 at 7:48 a.m. CST

Jose Gonzalez gravatar
In the example given I can see there are still problems with encoding... If `qr-request` returned `79WUORGsq+uxIT/UDZD516F4fRo=` you should not pass that value straight in the query string... it needs [safe url encoding](https://en.wikipedia.org/wiki/Percent-encoding) If you do `.../casa/rest/enrollment/otp/validate-code?mode=totp&code=123123&key=79WUORGsq%2BuxIT%2FUDZD516F4fRo%3D` things will be different.