JohnH.89444 (Customer) asked a question.
I have implemented a Password Import Inline Hook. I've been able to test the hook endpoint outside of Okta using curl.
I have defined the hook in Okta using the API. Here's what it looks like when querying /inlineHooks:
[
{
"id": "calpyehwswdOnaRQO0h7",
"status": "ACTIVE",
"name": "MyAccount Password Import Inline Hook",
"type": "com.okta.user.credential.password.import",
"version": "1.0.0",
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://mobiledev.red/myaccount/authn",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "Authorization"
}
}
},
...
}
]
I used the Okta "Create User with Password Import Inline Hook" API to create a user.
Finally, I try to login to the new user, using a password that is valid according to the hook.
I get "Password is Incorrect":
The System Log shows only "failed":
I downloaded the CSV report from the System Log but cannot find any more detail there.
The Apache logs on the server where the hook is show no activity. It seems that Okta did not attempt to call the hook.
How can I find out what's wrong with the hook?
In case it's useful for others, I finally discovered that the /logs API gives a lot more detail on errors than is available in the web UI. (Doh!)
Using this query:
"https://{my domain}/api/v1/logs?filter=event_type+eq+%22inline_hook.executed%22&since=2020-03-06T00%3A00%3A00Z&until=2020-03-07T00%3A00%3A00Z"
I get back a JSON array of events, which includes in my case this fragment:
"debugContext": {
"debugData": {
"deviceFingerprint": "6ae3188011816d3456ab3470f384cc35",
"requestId": "XmKOK3q0gDjCeTz-coRVngAAB0c",
"errorMessage": "Hook MyAccount Password Import Inline Hook timed out",
"requestUri": "/api/v1/authn/factors/password/verify",
"threatSuspected": "false",
"url": "/api/v1/authn/factors/password/verify?rememberDevice=false"
}
},
Which is the additional information I was looking for.