cancel
Showing results for 
Search instead for 
Did you mean: 

iOS MobileDeviceRegistrationRequest fails with E00007 even when password is not expired

Hello there.

 

I'm working with the iOS SDK and I have two related issues.

 

Both of these issues are on Device Registration (method in the ios SDK and XML: mobileDeviceRegistrationRequest as described here http://www.authorize.net/support/AIM_guide_XML.pdf and here http://community.developer.authorize.net/t5/Integration-and-Testing/Problems-Registering-iOS-Device-...

 

Like this in Objective C:

MobileDeviceRegistrationRequest *mobileDeviceRegistrationRequest = [MobileDeviceRegistrationRequest mobileDeviceRegistrationRequest];
    mobileDeviceRegistrationRequest.mobileDevice.mobileDeviceId = @"<YOUR_DEVICE_UUID>";
    mobileDeviceRegistrationRequest.mobileDevice.mobileDescription = @"<DEVICE_DESC>";
    mobileDeviceRegistrationRequest.mobileDevice.phoneNumber = @"<DEVICE_PHONE_NUM>";
    mobileDeviceRegistrationRequest.anetApiRequest.merchantAuthentication.name = @"<USER_NAME>";
    mobileDeviceRegistrationRequest.anetApiRequest.merchantAuthentication.password = @"<PASSWORD>";

Where name and password are the merchant’s Login ID and the Password for the merchant’s Login ID.

It's normally working for me. (there's no problem with my code above)

The problem is when dealing with EXPIRED PASSWORDS.

 

First, when a password is actually expired, there's no way to differentiate between when a user is dealing with a bad password and an expired password. For both cases, the message that comes back is "E00007 User authentication failed due to invalid authentication values." 

It would be great if the message were different in the case of an expired password. That way I could display to my users that they need to change their password, instead of a generic message that I currently give them like "Something is wrong with your username and password. Please try again."

 

Second, even when a password is not actually expired, but within 10 days of expiring, the error code is returned "E00007 User authentication failed due to invalid authentication values." 

A user called me about this and he was sure that he was using the correct password and said that he could login to his merchant account on the web. OK, so I tried it at the merchant web interface and I saw this when I logged in at https://account.authorize.net with his username and password: "Your password will expire in 10 days. Would you like to change it now?" and you can just hit Continue. (I'm not sure exactly how many days this message shows within the actual expiration date, but the example that I saw today was 10 days.)

At that point, I would think that the password should still work with mobileDeviceRegistrationRequest because it's not actually expiredbut it doesn't work.

I confirm that it then worked on the mobile device with mobileDeviceRegistrationRequest after I changed the password.

So, it would be great if E00007 didn't come back as a response to mobileDeviceRegistrationRequest when the password is not actually expired.

 

Any help with either #1 or #2 above would be appreciated.

Thanks!

 

 

blalond
Contributor
1 ACCEPTED SOLUTION

Accepted Solutions

 

Hooray! I have another update on this one.

 

I called up the Auth.Net support number (1.877.447.3938) and got someone named Cristin on the phone. It seems like she understood well what I was dealing with and so that was very excellent.

 

She put me on hold and came back with an answer, “Just have everyone change their password every 50 days instead of every 60 days.” OK then!

 

So, I think I have a good case of myself overcomplicating things but now I have a final answer.

 

I'll leave it at that. Thanks (and hopefully helpful for someone else some day)!

View solution in original post

5 REPLIES 5

Hello @blalond

 

Thanks for the detailed report. I've reported your issue to the product team for analysis.


I'd recommend subscribing to this topic so that you'll be alerted via email if there are updates. To subscribe, click Topic Options at the top of this thread and then select Subscribe. You'll then receive an email once anyone replies to your post.

Thanks,

Richard

RichardH
Administrator Administrator
Administrator

Hello again,

 

Any chance there's an update on this?

Has the production team seen it?

 

Should I take another step in contacting someone else?

 

Thank you,

-Brian

A few more comments that are not in my post:

 

  • In that post, I do refer to the problem when doing “mobileDeviceRegistrationRequest” but it must also be with “mobileDeviceLoginRequest”…
  • It seems that the documentation is sparse regarding the requirement to reset passwords every 120 days. The only reference I see is here http://www.authorize.net/files/accountactivation.pdf but it doesn’t mention the warning that appears when logging into https://account.authorize.net nor that the user will get E00007 during that warning period (before 120 days).
  • As you can imagine, this is difficult to test as I can’t force the logins to get into that period of time where the “expiration warning” is causing the E00007…

 

If this isn’t going to prompt a change on the AIM XML spec (as I propose in my first post here), then I suppose my question now is;

How many days before 120 days does the warning start showing up, and therefore the E00007 starts coming back in the Reg/Login responses?

 

If I know the answer to that, then I can just require people to change their passwords every X days, where X is some value less than 120 days.

 

Thanks!

blalond
Contributor

 

Hooray! I have another update on this one.

 

I called up the Auth.Net support number (1.877.447.3938) and got someone named Cristin on the phone. It seems like she understood well what I was dealing with and so that was very excellent.

 

She put me on hold and came back with an answer, “Just have everyone change their password every 50 days instead of every 60 days.” OK then!

 

So, I think I have a good case of myself overcomplicating things but now I have a final answer.

 

I'll leave it at that. Thanks (and hopefully helpful for someone else some day)!

Maintenant que les cellulaires font partie intégrante de notre vie quotidienne, avec leur influence positive ou/et négative, nous avons accès à des informations comme jamais auparavant. Un outil de géolocalisation de téléphone portable(logiciel espion de téléphone portable) peut être très utile lorsque vous soupçonner votre mari/femme, espionner un telephone portable peut sauver votre mariage ou lorsque les parents souhaitent garder un œil sur leurs enfants ou les employeurs qui veulent suivre les mouvements de leurs employés. Pour toute raison qu’elle soit personnelle, officielle ou pour des raisons de sécurité, la localisation de cellulaire est importante. C’est pourquoi chez geolocalisation-telephone.fr nous offrons le meilleur logiciel espion de localisation téléphonique pour trouver et localiser n’importe quel téléphone au monde.click more

Localiser
Member