
19y6b (19y6b) asked a question.
I am sending a 'Create User without Credentials' request with Postman (after having installed the Okta create collection); the Authorization HTTP header is set to SSWS ${apikey}, where the apikey variable has been set. The first response is a 302 response with the location header: Location: https://${url}.okta.com:443/api/v1/users?activate=false; Postman then sends an HTTP GET request for that URL with the same HTTP Authorization header, but now gets a 401 response with the following response body: {"errorCode":"E0000011","errorSummary":"Invalid token provided","errorLink":"E0000011","errorId":"oae1habuqMsRTqUeNxiG7LEXQ","errorCauses":[]}
What's wrong?

Here are the requests/responses in more detail; I have swapped the URL prefix for ${url} and the API key for ${apikey}.
The first POST request/response:
POST http://${url}.okta.com/api/v1/users?activate=false
302
POST / HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: SSWS ${apikey}
User-Agent: PostmanRuntime/7.28.0
Postman-Token: 25bd96c2-918c-494b-8be7-3e7b6b8be8f9
Host: nex-test301.okta.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 154
HTTP/1.1 302
Server: awselb/2.0
Date: Sun, 09 May 2021 11:17:48 GMT
Content-Type: text/html
Content-Length: 110
Connection: keep-alive
Location: https://${url}.okta.com:443/api/v1/users?activate=false
The second GET request/response:
GET https://${url}.com:443/api/v1/users?activate=false
401
970 ms
Network
addresses: {…}
tls: {…}
Request Headers
Accept: application/json
Authorization: SSWS ${apikey}
User-Agent: PostmanRuntime/7.28.0
Postman-Token: 25bd96c2-918c-494b-8be7-3e7b6b8be8f9
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nex-test301.okta.com/api/v1/users?activate=false
Host: nex-test301.okta.com
Request Body
{
"profile": {
"firstName": "Frodp",
"lastName": "Baggins",
"email": "moser.michael@gmail.com",
"login": "moser.michael@gmail.com"
}
}
Response Headers
Date: Sun, 09 May 2021 11:17:49 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Public-Key-Pins-Report-Only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-okta-request-id: YJfE3QMHTvH20DtespDYHwAACTI
p3p: CP="HONK"
www-authenticate: SSWS
x-content-type-options: nosniff
Strict-Transport-Security: max-age=315360000; includeSubDomains
set-cookie: sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Response Body
{"errorCode":"E0000011","errorSummary":"Invalid token provided","errorLink":"E0000011","errorId":"oae1habuqMsRTqUeNxiG7LEXQ","errorCauses":[]}
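
As an added example, not part of the original post: a local stub that reproduces the shape of the trace above (a POST answered with 302, then a GET to the Location URL) and records what the server receives when the client follows the redirect and when it is told not to. It uses Python's urllib rather than Postman; the `/plain/` and `/tls/` paths stand in for the `http://` and `https://` URLs, and the token and profile are constructed placeholders.

```python
import http.server, json, threading, urllib.error, urllib.request

SEEN = []  # (method, path, Authorization header, body length) as the stub server saw them

class Stub(http.server.BaseHTTPRequestHandler):
    def _handle(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        SEEN.append((self.command, self.path, self.headers.get("Authorization"), len(body)))
        if self.path.startswith("/plain/"):   # stands in for the http:// listener
            self.send_response(302)
            self.send_header("Location", self.path.replace("/plain/", "/tls/", 1))
        else:                                 # stands in for the https:// endpoint
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_POST = _handle
    def log_message(self, *args):             # keep the demo quiet
        pass

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow: the 302 surfaces as an HTTPError

def send(*handlers):
    """POST a constructed profile with a placeholder token; return (status, requests seen)."""
    SEEN.clear()
    srv = http.server.HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    req = urllib.request.Request(
        f"http://127.0.0.1:{srv.server_port}/plain/api/v1/users?activate=false",
        data=json.dumps({"profile": {"login": "user@example.com"}}).encode(),
        headers={"Authorization": "SSWS PLACEHOLDER", "Content-Type": "application/json"},
        method="POST")
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), *handlers)
    try:
        status = opener.open(req, timeout=5).status
    except urllib.error.HTTPError as err:
        status = err.code
    finally:
        srv.shutdown()
        srv.server_close()
    return status, list(SEEN)

if __name__ == "__main__":
    print("redirect followed:", send())
    print("redirect refused :", send(NoRedirect()))
```

With the default handlers the second request arrives as a GET with no body and the same Authorization header; with `NoRedirect` only the original POST is sent and the caller sees the 302.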