[MODUSERSKC-8] (PoC env) Token validation error when resetting password Created: 15/Jan/24  Updated: 26/Jan/24  Resolved: 26/Jan/24

Status: Closed
Project: mod-users-keycloak
Components: None
Affects versions: None
Fix versions: None

Type: Bug Priority: TBD
Reporter: Yauhen Viazau Assignee: Oleksandr Oliinyk
Resolution: Done Votes: 0
Labels: back-end, epam-eureka
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Attachments: MODUSERSKC-8_fixed_poc.mp4, PoC_reset_password_token_validation_error.mp4
Sprint: Eureka Sprint 44
Story Points: 1
Development Team: Eureka
RCA Group: Related dependency upgrade

Description

Overview: Token validation error when resetting password

Preconditions: 

On PoC env:

  • a user exists in the system (POST /users-keycloak/users)
  • given user has credentials created (POST /authn/credentials)

Steps to Reproduce:

  1. Generate a password reset link for the user from Preconditions (POST /users-keycloak/password-reset/link)
  2. Copy the access token from the link generated at the previous step (everything after "password/")
  3. Reset the password for the user (POST /users-keycloak/password-reset/reset) using the copied access token

Expected Results: The reset request yields a success response

Actual Results: Response with status 422 and a token validation error in the body:

{
    "errors": [
        {
            "message": "Invalid token.",
            "code": "link.invalid"
        }
    ],
    "total_records": 1
}

Additional Information:
See attached screencast: PoC_reset_password_token_validation_error.mp4
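A shell reproduction of the three calls above, added here as an example; it is not part of the ticket and not code from mod-users-keycloak. It assumes a Eureka gateway reachable at EUREKA_URL, an admin x-okapi-token and tenant in the environment, that the link request body carries the user id as "userId", that the reset request body carries "newPassword", and that the reset token is sent in the x-okapi-token header. None of those field names or header choices is stated in the ticket; they are assumptions. The live calls only run when EUREKA_URL is set, so the two helpers (token extraction from the link, and classification of the reset response, which flags the 422 "link.invalid" body shown above) can be exercised offline against constructed input.

```shell
#!/usr/bin/env sh
# Added example, not from the ticket or the mod-users-keycloak project.
# ASSUMPTIONS (not confirmed by the ticket): body field names "userId" and
# "newPassword", and the reset token travelling in the x-okapi-token header.

# Step 2 of the ticket: the token is everything after "password/" in the link.
# Fails (exit 1) when the link does not contain that marker.
token_from_link() {
  link="$1"
  case "$link" in
    *password/*) printf '%s\n' "${link##*password/}" ;;
    *) return 1 ;;
  esac
}

# Classify the reset response by HTTP status and body.
# Expected result: any 2xx.  The bug in this ticket shows as 422 with code "link.invalid".
classify_reset() {
  status="$1"
  body="$2"
  case "$status" in
    2*) echo "ok" ;;
    422)
      case "$body" in
        *'"link.invalid"'*) echo "bug-reproduced" ;;
        *) echo "validation-error" ;;
      esac ;;
    *) echo "unexpected" ;;
  esac
}

# Live reproduction against a gateway; skipped entirely unless EUREKA_URL is set.
if [ -n "${EUREKA_URL:-}" ]; then
  : "${OKAPI_TENANT:?set OKAPI_TENANT}" "${OKAPI_TOKEN:?set OKAPI_TOKEN}" "${USER_ID:?set USER_ID}"
  hdr_json='Content-Type: application/json'

  # Step 1: generate the reset link (response field "link" and body field "userId" are assumptions).
  link=$(curl -sS -X POST "$EUREKA_URL/users-keycloak/password-reset/link" \
      -H "$hdr_json" -H "x-okapi-tenant: $OKAPI_TENANT" -H "x-okapi-token: $OKAPI_TOKEN" \
      -d "{\"userId\":\"$USER_ID\"}" \
      | sed -n 's/.*"link" *: *"\([^"]*\)".*/\1/p')

  # Step 2: pull the token out of the link.
  reset_token=$(token_from_link "$link") || { echo "no token found in link: $link" >&2; exit 1; }

  # Step 3: reset with the extracted token; capture status separately from the body.
  body_file=$(mktemp)
  status=$(curl -sS -o "$body_file" -w '%{http_code}' -X POST \
      "$EUREKA_URL/users-keycloak/password-reset/reset" \
      -H "$hdr_json" -H "x-okapi-tenant: $OKAPI_TENANT" -H "x-okapi-token: $reset_token" \
      -d '{"newPassword":"NewP@ssw0rd-2024"}')
  echo "reset -> $(classify_reset "$status" "$(cat "$body_file")")"
  rm -f "$body_file"
fi
```

Run it with EUREKA_URL, OKAPI_TENANT, OKAPI_TOKEN and USER_ID exported; a "bug-reproduced" line means the 422/link.invalid response from this ticket came back, "ok" means the reset succeeded.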

Interested parties:



Comments
Comment by Oleksandr Oliinyk [ 15/Jan/24 ]

Seems like the issue is related to upgrading Keycloak to 23

ERROR [org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper] (executor-thread-7646) Error during execution of ProtocolMapper script: org.keycloak.scripting.ScriptExecutionException: Could not execute script 'token-mapper-script_Password reset action mapper' problem was: TypeError: null has no such function "getDecodedFormParameters" in <eval> at line number 2 
Comment by Yauhen Viazau [ 19/Jan/24 ]

Tested on Eureka PoC environment - works as expected

Using the API calls from the description, a password reset link can be generated, and the token from it can then be used to reset the password. The user can then log in using the new password.

See screencast: MODUSERSKC-8_fixed_poc.mp4

The same also works in case the user does not have credentials yet.

Generated at Thu Feb 08 22:29:00 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.