Internal Spec:
https://stormpath.atlassian.net/wiki/display/AM/Error+Callback+for+ID+Site

The custom data does not get updated on Stormpath when calling the parent resource's save() method.

For example, the following code doesn't save the custom data on the account, but it does save the middleName property:

$account->setMiddleName('Test middle name'); 
$customData = $account->customData; 
$customData->companyName = 'Company Test'; 
$account->save();

In order to save the customData, the save() method would need to be called on the customData object which shouldn't be the case since the REST API allows the update on the custom data when updating the resource.

I have encountered an error when I try to save to the Custom Data object of an Account.

This code below works, I can verify the newly saved data in the stormpath gui at https://api.stormpath.com/login . The variable $account is an object of class Stormpath\Resource\Account .

1. $customData = $account->getCustomData();
2. // $customData->foo;
3. $customData->foo = [1, 2];
4. $customData->save();

However, if I uncomment line 2. I get an error on line 4 with code 3003:

"Property name 'createdAt' is invalid. Property names may not equal any of the following reserved names: 'href', 'createdAt', 'modifiedAt', meta', 'spMeta', 'spmeta', 'ionmeta', or 'ionMeta'."

It seems there is some kind of bug in the library which sets that createdAt-property if I read from the CustomData object, which prevent saving to it. If I dont read something from it first, it works to save to it.

The documentation on http://docs.stormpath.com/php/product-guide/#client states I can create a client:

$apiKey = new \Stormpath\ApiKey($key, $secret);
$client = new \Stormpath\Client($apiKey);

BUT that's incorrect; it always generates an error:

Warning: Missing argument 2 for Stormpath\Client::__construct(), /vendor/stormpath/sdk/src/Stormpath/Client.php on line 103

Warning: Missing argument 3 for Stormpath\Client::__construct(), /vendor/stormpath/sdk/src/Stormpath/Client.php on line 103

What is the proper way to create new \Stormpath\Client() in PHP with your SDK - only 1 of the 3 required parameters are documented?

When a login is sent back from ID site, the account returned does not provide any of the custom data for the account. This should be fixed to allow custom data to be returned as part of the account object. Many times, people will need this custom data as part of the logic for what to do with the user after login.

Hi,
Because the new branch new-overhaul has been created it suggests all clients created by third parties will not be official releases, therefore I want to advocate for this client for Stormpath: https://github.com/TomHAnderson/StormpathClient-PHP

It has the following features:

• Fully psr-0
• Written with ZF2
• Implements Doctrine-common ORM, just like DoctrineORMModule
• Lazy Loading
• Complete API coverage

I recommend it to anyone needing a PHP Client for the Stormpath API.

Also, a suggestion for Stormpath PHP admins on Github: ZF2 (and many others) use a very nice process for managing community contributions. You can read about it here http://framework.zend.com/participate/contributor-guide

edited 2013-10-13 js ta gg

Implement Memory, Redis, and Memcached Caching in the PHP SDK

Design can be followed in Node. The Client accepts caching options, which gets set on the Datastore's CacheHandler.

https://github.com/stormpath/stormpath-sdk-node/blob/master/lib/Client.js

http://docs.stormpath.com/nodejs/api/client
http://docs.stormpath.com/nodejs/api/cache
http://docs.stormpath.com/nodejs/api/cacheManager

For the code-coverage to be anywhere near useful, instead of the current configuration, PHPUnit 4.* should be used with stricter settings in regards to coverage in the phpunit.xml.dist file.

Also, there should be a phpunit.xml.dist file 😉

If you feel up for it, I wouldn't mind opening a PR with some suggestions...

Here is what I am doing:

$application = \Stormpath\Resource\Application::get('https://api.stormpath.com/v1/applications/XXX');

$account = \Stormpath\Resource\Account::instantiate(array(
    'givenName' => 'name',
    'surname' => 'name',
    'email' => 'some_email',
    'password' => 'password'
));

$newAccount = $application->createAccount($account);

echo json_encode($newAccount)

I looked at the Stormpath source and I got as far as line 38 in DefaultResourceFactory.php. The call to newInstanceArgs returns an empty object. At that point $constructorArgs has the following:

[{},{"href":"https:\/\/api.stormpath.com\/v1\/accounts\/3PSZsbDNDF60EPKXxVcNeN","username":"[email protected]","email":"[email protected]","givenName":"Balance","middleName":null,"surname":"Forecasting","fullName":"Balance Forecasting","status":"ENABLED","emailVerificationToken":null,"customData":{"href":"https:\/\/api.stormpath.com\/v1\/accounts\/3PSZsbDNDF60EPKXxVcNeN\/customData"},"providerData":{"href":"https:\/\/api.stormpath.com\/v1\/accounts\/3PSZsbDNDF60EPKXxVcNeN\/providerData"},"directory":{"href":"https:\/\/api.stormpath.com\/v1\/directories\/4dzbfZtt8poqHgyB6f9zOj"},"tenant":{"href":"https:\/\/api.stormpath.com\/v1\/tenants\/3TvTQ5EW0kxNn5HdxO91jt"},"groups":{"href":"https:\/\/api.stormpath.com\/v1\/accounts\/3PSZsbDNDF60EPKXxVcNeN\/groups"},"groupMemberships":{"href":"https:\/\/api.stormpath.com\/v1\/accounts\/3PSZsbDNDF60EPKXxVcNeN\/groupMemberships"},"apiKeys":{"href":"https:\/\/api.stormpath.com\/v1\/accounts\/3PSZsbDNDF60EPKXxVcNeN\/apiKeys"}},[]]

Any ideas?

As a developer, it would be nice to be able to log in directly using a directory or group instead of the whole application. This would be helpful for developers who want to have many different account stores under one application but may have the same user under different stores. (think multi tenant applications)

The Stormpath SDK should be able to support something like:

require 'vendor/autoload.php';

\Stormpath\Client::$apiKeyFileLocation = dirname(__FILE__) . '/.stormpath/apiKey.properties';

$applicationHref = 'https://api.stormpath.com/v1/applications/3AvNd4a8gPE5wfPWluT1Da';
$application = \Stormpath\Resource\Application::get($applicationHref);

$account = $application->dataStore->instantiate(\Stormpath\Stormpath::ACCOUNT);
$account->email = '[email protected]';
$account->givenName = 'John';
$account->password ='4P@$$w0rd!';
$account->surname = 'Smith';
$account->username = 'johnsmith';

$customData = $account->customData;
$customData->phone = "12345";

try {
    $application->createAccount($account);

} catch (\Stormpath\Resource\ResourceError $re)
{
    print $re->getStatus() . '<br>';
    print $re->getErrorCode() . '<br>';
    print $re->getMessage() . '<br>';
    print $re->getDeveloperMessage() . '<br>';
    print $re->getMoreInfo() . '<br>';
}

This is my current way of creating a group and associating a user.

1: Create Account and get Account Href

$account = curl_post_stormpath('https://api.stormpath.com/v1/applications/xxx/accounts', $account_data_string);
$account_href = $account->href;

2: Create Group and get Group Href

$res = curl_post_stormpath('https://api.stormpath.com/v1/directories/xxx/groups', $group_data_string);
$group_href = $res->href;

3: Associate account with group via Account Href and Group Href

$group_mem_data = array('account' => array('href' => $account_href), 'group' => array('href' => $group_href));
$group_mem_data_string = json_encode($group_mem_data);
$res = curl_post_stormpath('https://api.stormpath.com/v1/groupMemberships', $group_mem_data_string);

4: Store Group Membership ID for additional users

preg_match("/https:\/\/api.stormpath.com\/v1\/groupMemberships\/(.*)$/i", $res->href, $group_regex);
$group_id = $group_regex[1];

Now my question is, why is the ID in Stormpath for the group and the group membership ID that you get when you initially create the group two different ID's? Not to mention there doesn't look to be a short way to retrieve this group membership id for future use other than the initial group creation since it is not listed anywhere in Stormpath. In order to add new users via the API for future users into the same group, we need that group_id -- yet it is nowhere to be found on Stormpaths UI.

When I ran through this scenario, on Stormpath the ID for the group I created is as follows.
Stormpath ID/Stormpath Rest URL: 1EdRuZvh7NyVnyMFaDokxo
API/$group_id: 1EufnhMvPMLAfuGuw7CFgY

If I'm not mistaken, previously these two were the same but somehow changed in the last month or so?

Google believes it is acceptable to tamper with App Engine applications' HTTP requests: they manipulate HTTP request headers or strip some completely.

Stormpath's SDKs use a very secure digest-based authentication mechanism to authenticate every request. Stormpath's API servers calculate the same digest to guarantee that no-one - internal infrastructure, attacker or otherwise, even before or after TLS (SSL) termination - is able to tamper with requests. This technique prevents Man In The Middle attacks.

Because GAE manipulates requests after digest calculation, the Stormpath API servers then detect a potential Man-In-The-Middle interference and rejects the requests (as expected / desired).

In any event, we love our customers and want them to be happy, regardless of Google's impropriety. This issue then represents two pieces of work:

1. Implement a new GAE-compatible authentication scheme based off of the current digest scheme that makes concessions necessary for GAE's runtime model.
2. Add a quick fix to the PHP SDK to allow it to use HTTP Basic authentication until #1 is complete.

We need to fix this to allow for multiple test environments to be run at the same time.

Given the code:
$accessId = 'XXXXXXX'; //These are correct
$secret = 'XXXXXX';

    $client = new \Services_Stormpath_Client_Client(new \Services_Stormpath_Client_ApiKey($accessId, $secret));

    print_r($client->getCurrentTenant());

I get:

            {"error":{"type":"ErrorException","message":"Argument 2 passed to Services_Stormpath_Resource_Resource::__construct() must be an instance of stdClass, string given","file":"\/vendor\/stormpath\/sdk\/Services\/Stormpath\/Resource\/Resource.php","line":30}}

Any Idea Why?

We should be returning the PasswordResetToken Resource when calling sendPasswordResetEmail() but are currently returning an Account Resource. This needs to be changed but will introduce a backwards breaking change. This will be fully fixed in 2.0 release of the sdk, but will have a patch in the 1.12.0 which will allow you to return the PasswordResetToken Resource.

Reference http://docs.stormpath.com/rest/product-guide/#application-password-reset

I have added the SDK into the directory but I can't get past the initial setup without getting the following error:

Warning: include() [function.include]: Failed opening '/nas/wp/www/cluster-1772/wp-content/themes/salient/sp_api/Stormpath/ClientBuilder' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /nas/wp/www/cluster-1772/wp-content/themes/salient/sp_api/Stormpath.php on line 29

Fatal error: Class 'Stormpath\ClientBuilder' not found in /nas/wp/www/cluster-1772/wp-content/themes/salient/stormpath.php on line 13

Here is my code in the file stormpath.php

require 'sp_api/Stormpath.php';

$apiKeyFile = '.stormpath/apiKey.properties';

$builder = new Stormpath\ClientBuilder();
$client = $builder->setApiKeyFileLocation($apiKeyFile)->build();

$apps = $client->tenant->applications;
$apps->search = array('name' => 'My Application');
$application = $apps->getIterator()->current();

I've also had the sp_api called "Stormpath" before as well, thinking there might have been some issue with the directory name.

Added benefit of not needing PEAR package

PHP 5.3 was EOL'd 7 months ago. I do not want Stormpath to manage support for unsupported version of PHP

Currently in the SDK, there is no convenience method for gaining access to the total count (size) of the list. Adding this to the SDK will be a nice addition and should be added.

The API has recently added this to the returned results so it should be added to the results in the SDK

Follow Java Support:
http://docs.stormpath.com/java/product-guide/#integrating-with-google
http://docs.stormpath.com/java/product-guide/#integrating-with-facebook

PHP needs to support the ability to create Google and Facebook directories and the ability to pass an access token or authorization code.

There seems to be an issue with ID Site where a user who times out on the webpage before clicking on logout will throw errors. To reproduce this, just create a active user who has signed in via ID site and wait (dont hit logout or leave the page) for the session idle timeout to expire. Once this happens, click on logout. The JWTResponse will return Null for Sub causing issues with both php and Node not having the ability to create an account object.

I think that Stormpath should always provide the account href in sub from the JWT Response so the enduser can know who is logging out.

To be clear, the instances in the collection

Stormpath needs to send the PHP version

All SDKs and Integrations must report back to stormpath the information about its current running environment. This will use the User-Agent http header.
The information will be in the following format:

stormpath-flask/0.1 flask/0.10 stormpath-sdk-python/1.2.5 python/2.2.3 Windows/8.1 (%ANYTHING_ELSE%)

This can be defined as:

• The stormpath integration and version separated by a '/'. If there is no integration being used, this can be omitted
• The stormpath sdk and version separated by a '/'
• The runtime information (runtime/version)
• Integration Runtime (if there is no integration being used, this can be omitted)
• SDK Runtime
• The OS common name and version separated by a '/'.
• All other system information included in parentheses

where do i list all the directories and files in step #4 of your quickstart

http://docs.stormpath.com/rest/product-guide/#create-an-account-with-an-existing-password-hash

[03-Aug-2015 22:24:55 UTC] PHP Fatal error:  Allowed memory size of 67108864 bytes exhausted (tried to allocate 32 bytes) in /vendor/stormpath/sdk/src/Stormpath/Util/Magic.php on line 28
[03-Aug-2015 22:29:46 UTC] PHP Fatal error:  Allowed memory size of 67108864 bytes exhausted (tried to allocate 72 bytes) in /vendor/stormpath/sdk/src/Stormpath/Util/Magic.php on line 28
[03-Aug-2015 22:32:17 UTC] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 130968 bytes) in /vendor/stormpath/sdk/src/Stormpath/Resource/Resource.php on line 141
[03-Aug-2015 22:48:44 UTC] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 130968 bytes) in /vendor/stormpath/sdk/src/Stormpath/Resource/Resource.php on line 141

Started out with 64M, bumped up to 128 and still getting OOM.
The triggering code is very simple:

try {
$client = get_client();
if ($client) {
    $account = $client->tenant->verifyEmailToken($vars['sptoken']);
}
else {
    register_error(elgg_echo('email:confirm:fail'));
}

} catch (\Exception $exc) {
register_error($exc->getMessage());
forward();
}

I've verified that $vars['sptoken'] is correct, and it is in fact changing the account status for them in the stormpath directory, but it's throwing OOM in the verifyEmailToken method.

For example:

client.get('/applications/3QIMlJKKN2whGCYzXXw1t8');

This should resolve to getting the object based on the baseUrl when building the client, similar to making the call to:

client.get('https://api.stormpath.com/v1/applications/3QIMlJKKN2whGCYzXXw1t8');

or

client.get('https://enterprise.stormpath.io/v1/applications/3QIMlJKKN2whGCYzXXw1t8');

http://docs.stormpath.com/rest/product-guide/#application-resend-verify-email

Review the documentation related to Oauth Authenticators. https://github.com/stormpath/stormpath-sdk-php#using-the-stormpath-sdk-to-authenticate-and-generate-tokens-for-your-api-keys

There is some issue here on how to use it. $result->account is not valid. $result->apiKey is also not valid... you have to run $result->getApiKey()->account to get the account. and so on.

Regardless if they are using the builder or initializing the client directly, the static methods should work for object initialization.

When I submit an authentication request to stormpath, instead of executing the default login logic that cycles through account stores to find an account match, I want to ensure the authentication targets a specific account store. At the time I create the request, I know the account store where the account resides, so I want to target it directly. This will speed up the authentication attempt (especially if I have a very large number of account stores, e.g. for my own multi-tenancy needs).

This issue will add support for adding an accountStore property (a link) to the attempt. If present, the login attempt will target that specific account store and bypass the standard cycle-through-all-app-account-stores algorithm.

https://docs.stormpath.com/java/apidocs/com/stormpath/sdk/authc/UsernamePasswordRequest.html

https://github.com/stormpath/stormpath-sdk-spec/blob/master/specifications/api_auth.md

https://stormpath.atlassian.net/wiki/display/AM/ID+Site+OAuth+Access+Token+Grant+Type

Please take note that firebase/php-jwt 2.0.0 (explicit dependency in 1.6.0beta composer.json) has known security issues.

See https://github.com/firebase/php-jwt changelog:

2.0.0 / 2015-04-01
Note: It is strongly recommended that you update to > v2.0.0 to address known security vulnerabilities > in prior versions when both symmetric and asymmetric keys are used together.

Hello, sorry, I'm trying to use this SDK, and now I'm using "mailgun / mailgu-php", "rackspace / php-OpenCloud" using Guzzle 3.8. * Or 3.9. *, And I would use this SDK composer me because now I require Guzzle mark 3.7. *.

Sorry my bad english.

http://docs.stormpath.com/java/product-guide/#authentication-scheme-configuration

Currently, the SDK does not trigger the password reset success email workflow because you are updating the account object and not the passwordResetTokens endpoint off the application. Possibly create a new method on the application resource that would do this.

Create a resetPassword($sptoken, $password) method that returns the account resource object.

When caching expanded resources the key being used is not consistent.

The cache key that is used for cacheing a resource is based on the resource href as well as its options. This is done in

The problem when a resource gets updated and saved the key being used to first delete it from the cache is just based on the href:

As example, we always fetch accounts with expansion of its groups. The account data is saved to a cache key as:

1. https://api.stormpath.com/v1/accounts/7BVwoUmoMCfWdxrHOjtLm4:groups

Later we update and save changes to the account, the cache key will then be:
2. https://api.stormpath.com/v1/accounts/7BVwoUmoMCfWdxrHOjtLm4
which gives a miss as that key does not exist.

Second, the data is saved to the same key:
3. https://api.stormpath.com/v1/accounts/7BVwoUmoMCfWdxrHOjtLm4
which then holds the newly updated data.

Later we fetch the same account with expansion of its groups. The key for that will be:
4. https://api.stormpath.com/v1/accounts/7BVwoUmoMCfWdxrHOjtLm4:groups
which of course doesn't include the newly updated data, but the data from the 1. fetch.

I would suggest a solution to this to just skip the options our from the key creation. Which would keep the same cache key over the whole lifecycle of the cached item. Also it would work incremental as when ever new data is expanded it would be saved to the cached item (overwritten).

@bretterer ping me when you are ready to start on this.

http://docs.stormpath.com/guides/using-id-site/

Github and Linked in are now Directory Types and we need to support these in the PHP SDK

I'm trying to update an array inside my customData object but nothing happens. If I save the array directly, it works fine, but if I set my $settings variable, it breaks.

global $client;

    $account = $client->dataStore->getResource($this->href, \Stormpath\Stormpath::ACCOUNT);
    $customData = $account->customData;

// $settings = $customData->settings;

    $module = new stdClass();
    $module->modules = $modules;

// $settings->modules = $modules;
$customData->settings = $module;
$customData->save();

This works, but if I take the first comment out and run it, nothing happens. What am I missing?

The JWT for the Register page is being created but when you get there and type in a password, You receive the following in the console.

TypeError: Cannot read property 'minLength' of null
    at Array.link.b.validate.e (https://xxx.id.stormpath.io/scripts/app.js:1:8939)
    at k.link.b.validate (https://xxx.id.stormpath.io/scripts/app.js:1:9502)
    at Object.a.fields.(anonymous function).validate (https://xxx.id.stormpath.io/scripts/app.js:1:7035)
    at https://xxx.id.stormpath.io/scripts/app.js:1:5971
    at Array.filter (native)
    at k.a.submit (https://xxx.id.stormpath.io/scripts/app.js:1:5925)
    at ee.functionCall (https://xxx.id.stormpath.io/scripts/vendor.js:6:13813)
    at https://xxx.id.stormpath.io/scripts/vendor.js:6:20990
    at k.$get.k.$eval (https://xxx.id.stormpath.io/scripts/vendor.js:5:11080)
    at k.$get.k.$apply (https://xxx.id.stormpath.io/scripts/vendor.js:5:11358)

This is causing the ability to register to not work.

http://docs.stormpath.com/guides/token-management/

• Token Management
• Organization Resource
• ID Site Token Exchange

http://docs.stormpath.com/rest/product-guide/#organizations