Integration and Testing

Authorize.Net API questions and help with your payment integration.

Reply
Contributor
Posts: 14
Registered: ‎08-05-2014
Accepted Solution

iOS MobileDeviceRegistrationRequest fails with E00007 even when password is not expired

Hello there.

 

I'm working with the iOS SDK and I have two related issues.

 

Both of these issues are on Device Registration (method in the ios SDK and XML: mobileDeviceRegistrationRequest as described here http://www.authorize.net/support/AIM_guide_XML.pdf and here http://community.developer.authorize.net/t5/Integration-and-Testing/Problems-Registering-iOS-Device-...

 

Like this in Objective C:

MobileDeviceRegistrationRequest *mobileDeviceRegistrationRequest = [MobileDeviceRegistrationRequest mobileDeviceRegistrationRequest];
    mobileDeviceRegistrationRequest.mobileDevice.mobileDeviceId = @"<YOUR_DEVICE_UUID>";
    mobileDeviceRegistrationRequest.mobileDevice.mobileDescription = @"<DEVICE_DESC>";
    mobileDeviceRegistrationRequest.mobileDevice.phoneNumber = @"<DEVICE_PHONE_NUM>";
    mobileDeviceRegistrationRequest.anetApiRequest.merchantAuthentication.name = @"<USER_NAME>";
    mobileDeviceRegistrationRequest.anetApiRequest.merchantAuthentication.password = @"<PASSWORD>";

Where name and password are the merchant’s Login ID and the Password for the merchant’s Login ID.

It's normally working for me. (there's no problem with my code above)

The problem is when dealing with EXPIRED PASSWORDS.

 

First, when a password is actually expired, there's no way to differentiate between when a user is dealing with a bad password and an expired password. For both cases, the message that comes back is "E00007 User authentication failed due to invalid authentication values." 

It would be great if the message were different in the case of an expired password. That way I could display to my users that they need to change their password, instead of a generic message that I currently give them like "Something is wrong with your username and password. Please try again."

 

Second, even when a password is not actually expired, but within 10 days of expiring, the error code is returned "E00007 User authentication failed due to invalid authentication values." 

A user called me about this and he was sure that he was using the correct password and said that he could login to his merchant account on the web. OK, so I tried it at the merchant web interface and I saw this when I logged in at https://account.authorize.net with his username and password: "Your password will expire in 10 days. Would you like to change it now?" and you can just hit Continue. (I'm not sure exactly how many days this message shows within the actual expiration date, but the example that I saw today was 10 days.)

At that point, I would think that the password should still work with mobileDeviceRegistrationRequest because it's not actually expiredbut it doesn't work.

I confirm that it then worked on the mobile device with mobileDeviceRegistrationRequest after I changed the password.

So, it would be great if E00007 didn't come back as a response to mobileDeviceRegistrationRequest when the password is not actually expired.

 

Any help with either #1 or #2 above would be appreciated.

Thanks!

 

 


Accepted Solutions
Solution
Accepted by topic author blalond
‎08-21-2015 01:58 AM
Contributor
Posts: 14
Registered: ‎08-05-2014

Re: iOS MobileDeviceRegistrationRequest fails with E00007 even when password is not expired

 

Hooray! I have another update on this one.

 

I called up the Auth.Net support number (1.877.447.3938) and got someone named Cristin on the phone. It seems like she understood well what I was dealing with and so that was very excellent.

 

She put me on hold and came back with an answer, “Just have everyone change their password every 50 days instead of every 60 days.” OK then!

 

So, I think I have a good case of myself overcomplicating things but now I have a final answer.

 

I'll leave it at that. Thanks (and hopefully helpful for someone else some day)!

View solution in original post


All Replies
Posts: 2,765
Topics: 57
Kudos: 270
Blog Posts: 67
Registered: ‎12-05-2011

Re: iOS MobileDeviceRegistrationRequest fails with E00007 even when password is not expired

Hello @blalond

 

Thanks for the detailed report. I've reported your issue to the product team for analysis.


I'd recommend subscribing to this topic so that you'll be alerted via email if there are updates. To subscribe, click Topic Options at the top of this thread and then select Subscribe. You'll then receive an email once anyone replies to your post.

Thanks,

Richard

Contributor
Posts: 14
Registered: ‎08-05-2014

Re: iOS MobileDeviceRegistrationRequest fails with E00007 even when password is not expired

Hello again,

 

Any chance there's an update on this?

Has the production team seen it?

 

Should I take another step in contacting someone else?

 

Thank you,

-Brian

Contributor
Posts: 14
Registered: ‎08-05-2014

Re: iOS MobileDeviceRegistrationRequest fails with E00007 even when password is not expired

A few more comments that are not in my post:

 

  • In that post, I do refer to the problem when doing “mobileDeviceRegistrationRequest” but it must also be with “mobileDeviceLoginRequest”…
  • It seems that the documentation is sparse regarding the requirement to reset passwords every 120 days. The only reference I see is here http://www.authorize.net/files/accountactivation.pdf but it doesn’t mention the warning that appears when logging into https://account.authorize.net nor that the user will get E00007 during that warning period (before 120 days).
  • As you can imagine, this is difficult to test as I can’t force the logins to get into that period of time where the “expiration warning” is causing the E00007…

 

If this isn’t going to prompt a change on the AIM XML spec (as I propose in my first post here), then I suppose my question now is;

How many days before 120 days does the warning start showing up, and therefore the E00007 starts coming back in the Reg/Login responses?

 

If I know the answer to that, then I can just require people to change their passwords every X days, where X is some value less than 120 days.

 

Thanks!

Solution
Accepted by topic author blalond
‎08-21-2015 01:58 AM
Contributor
Posts: 14
Registered: ‎08-05-2014

Re: iOS MobileDeviceRegistrationRequest fails with E00007 even when password is not expired

 

Hooray! I have another update on this one.

 

I called up the Auth.Net support number (1.877.447.3938) and got someone named Cristin on the phone. It seems like she understood well what I was dealing with and so that was very excellent.

 

She put me on hold and came back with an answer, “Just have everyone change their password every 50 days instead of every 60 days.” OK then!

 

So, I think I have a good case of myself overcomplicating things but now I have a final answer.

 

I'll leave it at that. Thanks (and hopefully helpful for someone else some day)!

New Member
Posts: 2
Registered: ‎12-02-2021

Pourquoi vous devriez utiliser notre service de Géolocalisation de téléphone portable?

Maintenant que les cellulaires font partie intégrante de notre vie quotidienne, avec leur influence positive ou/et négative, nous avons accès à des informations comme jamais auparavant. Un outil de géolocalisation de téléphone portable(logiciel espion de téléphone portable) peut être très utile lorsque vous soupçonner votre mari/femme, espionner un telephone portable peut sauver votre mariage ou lorsque les parents souhaitent garder un œil sur leurs enfants ou les employeurs qui veulent suivre les mouvements de leurs employés. Pour toute raison qu’elle soit personnelle, officielle ou pour des raisons de sécurité, la localisation de cellulaire est importante. C’est pourquoi chez geolocalisation-telephone.fr nous offrons le meilleur logiciel espion de localisation téléphonique pour trouver et localiser n’importe quel téléphone au monde.click more

Member
Posts: 11
Registered: ‎09-05-2021

Hack Facebook with The Best Web-Based Facebook Hacker

Is it possible to figure out how to hack a Facebook account?

It is with great pride that we present our fantastic website (Hack a Facebook account) that allows everyone, even children, to learn how to hack a Facebook account password in a professional way. We created this site for experimental purposes, but it is nonetheless very efficient.
Unless you're a genius at cryptography, hacking into a Facebook account is virtually impossible. Putting the algorithm in place is far too complex and time consuming. But with the support of our FLM panel, it is quite possible to hack the password of any account for free and efficiently.

How to hack a Facebook account?

Hacking a Facebook account may seem complicated enough for you, but we have the best method for you to hack into any Facebook account safely and for free. Thanks to our algorithms, the Facebook password is automatically recovered, as long as it does not exceed 20 characters, in just a few minutes. On the other hand, in the case of a password with more than 20 characters, i.e. 21 or more, we will use a method that will allow you to answer the secret question by introducing one of our scripts that, through a phantom e-mail (EH_DIRECTPhANTOM-SCRIPT), will allow you to retrieve the answer and will send it to our servers in order to retrieve it eventually. click more info