Error: "Organization not found for user's role" when using "particle" authentication

Here are my app's organization settings, with the actual organization / product slugs redacted to xxx / yyy.

  <!-- enable organization mode -->
  <bool name="organization">true</bool>
  <!-- organization display name -->
  <string name="organization_name">XXXXXXXXXXXXXXX</string>
  <!-- organizational name for API endpoint URL - must specify for orgMode *new* -->
  <string name="organization_slug">xxx</string>
  <!-- enable product string for API endpoint URL - must specify for orgMode *new* -->
  <string name="product_slug">yyy</string>

The credentials were taken from the particle dashboard for this product, which looks like this:
https://dashboard.particle.io/xxx/yyy/devices

When I try to sign in, I get the following error:

"Organization not found for user's role"

The error occurs when trying to create new accounts, and when trying to sign in using the account used to create the organization.

The configuration settings for the product appear to be correct.

Am I doing something wrong, or is this an issue with the platform?

@lynn

Are you trying to create a customer for a product? Can you post a bit more about the platform or method by which you are trying to log in or create them?

I’ve had a lot of success using the credentials from the dashboard slugs to create customers. More here on creating a customer: https://docs.particle.io/reference/api/#create-a-customer---access-token

I’ve also had a lot of luck using the primary account tokens as well as logging in or operating the cloud api using customers and their oauth generated tokens.

Thanks @1inarow - I’m using the iOS and Android SDKs. I’ve set the SDKs’ customization settings according to the documentation (see the code snippet above).

This should be possible according to the documentation. But I’ve found several cases where the documentation is incorrect. So the question is, do the SDKs actually support authentication via organizations, or am I just doing something wrong?

@lynn are you having trouble getting this working with both the iOS and Android SDKs, or just Android?

Hi @jensck - it’s only happening on the Android SDK. The iOS SDK works just fine.

@lynn do you have any HTTP logs you could share (privately) comparing the request made on iOS vs Android? (On Android, you can enable full HTTP logging by adding this string resource to your app: <string name="http_log_level">FULL</string> )

(note: this logs literally everything, so obviously you don’t want this on by default! =)

Otherwise, I can try a manual test of this on my own tonight and we can continue from there.

Hi @jensck - thanks for taking the time to help me with this.

I have the logs, but they contain sensitive info. What’s the best way to get them to you privately?

But this seems to be the issue:

02-12 13:18:55.539  1901  1945 D Retrofit: <--- HTTP 404 https://api.particle.io/v1/orgs/xxx/customers (374ms)

Where xxx is the same organization slug that I’m using on the iOS app.
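An added example, not part of the original posts or of the Particle SDK: a small Python filter that masks credentials in Retrofit `FULL` log output before the log is shared, while keeping the status lines needed to spot the 404. The sample log lines and the list of sensitive field names are constructed assumptions.

```python
import re

# Constructed sample, laid out like Retrofit FULL output in logcat; every value is made up.
SAMPLE_LOG = """\
02-12 14:07:13.785  2301  2345 D Retrofit: ---> HTTP POST https://api.particle.io/oauth/token
02-12 14:07:13.786  2301  2345 D Retrofit: Authorization: Basic ZXhhbXBsZTpleGFtcGxl
02-12 14:07:13.787  2301  2345 D Retrofit: grant_type=password&username=user%40example.com&password=hunter2
02-12 14:07:14.355  2301  2345 D Retrofit: <--- HTTP 200 https://api.particle.io/oauth/token (570ms)
02-12 14:07:14.356  2301  2345 D Retrofit: {"access_token":"0123456789abcdef","token_type":"bearer"}
02-12 14:07:15.539  2301  2345 D Retrofit: <--- HTTP 404 https://api.particle.io/v1/orgs/xxx/customers (374ms)
"""

# Assumed list of field names worth masking; extend it for your own API.
SECRET_KEYS = r"password|access_token|refresh_token|client_secret|username|email"
HEADER_RE = re.compile(r"(?i)\b(Authorization|Cookie|Set-Cookie):\s*.+")
FORM_RE = re.compile(rf"(?i)\b({SECRET_KEYS})=[^&\s]+")
JSON_RE = re.compile(rf'(?i)"({SECRET_KEYS})"\s*:\s*"[^"]*"')
STATUS_RE = re.compile(r"<--- HTTP (\d{3}) (\S+)")


def redact(line):
    """Mask credential-bearing headers, form fields and JSON string values."""
    line = HEADER_RE.sub(r"\1: [REDACTED]", line)
    line = FORM_RE.sub(r"\1=[REDACTED]", line)
    return JSON_RE.sub(r'"\1":"[REDACTED]"', line)


def sanitize(log):
    """Redact every line of a captured log."""
    return "\n".join(redact(line) for line in log.splitlines())


def responses(log):
    """Return (status, url) for each response line, e.g. to find the failing endpoint."""
    return [(int(m.group(1)), m.group(2)) for m in STATUS_RE.finditer(log)]


if __name__ == "__main__":
    print(sanitize(SAMPLE_LOG))
    print(responses(SAMPLE_LOG))
```

Review the sanitized output by hand before sending it, since field names outside the assumed list pass through unchanged.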

@lynn Yeah, there can def. be sensitive data in the logs, so the best way to share them privately would be to zip them up, toss them onto Google Drive (or dropbox, whatever) and give access to my account to read the file: jens.knutson@gmail.com

Nice to see you’ve got a handle on the issue already – thanks for looking into this with me. To clarify, the actual URL being requested is identical between the two apps, but on Android a 404 is returned, correct?

I’m still trying to figure out how to log the network activity on iOS. Is there an equivalent to Android’s http_log_level in the iOS SDK?

So login works on Android for accounts that were created on iOS.

02-12 14:07:14.355  2301  2345 D Retrofit: <--- HTTP 200 https://api.particle.io/oauth/token (570ms)

But I’m not seeing the organization slug mentioned anywhere in the login request - it’s not in the headers, body, or params.

Is it possible that the iOS SDK isn’t using organizations, and that it’s just creating generic particle accounts?

Good questions re: logging and accounts.

@ido / @idok can you comment on these? (I can check the accounts code on my own later today, but I think you’re in a better place to answer the logging question.)

Thanks @jensck.

And for the record, I’m using the latest versions of all the packages:

ios
Spark-SDK: 0.3.0
SparkSetup: 0.2.1

android
io.particle:cloudsdk: 0.3.4
io.particle:devicesetup: 0.3.5

No need for http_log_level setting in iOS - any non-200 error from SDK command will be logged in the console.

And indeed more logging info is required + the org name - I can check if it exists in our databases and is linked to your user/customer.

Hi @ido - the problem is that I’m getting a 200 response, but I’m worried that it’s hitting the wrong URL.

What is the best way to monitor network traffic in Xcode? I’ve been banging my head on this for the past few days. I’ve even tried Wireshark, but I think the traffic is encrypted so I can’t see any of the request info.

Thanks for your help with this.

Sorry, I need some clarification on the issue - what are you trying to achieve? Through what API? What’s failing? How did you figure out that it’s failing?

Hi @ido - I'm just trying to authenticate users as customers to an organization.

I followed the docs here for iOS and here for Android.

When I try to login or sign up using the Android Setup SDK, I get the following error:

"Organization not found for user's role"

When I log the request using http_log_level = true, I see that my organization endpoint is returning a 404. I sent the full request log to @jensck. I can send it to you as well if you give me your email address.

The strange thing is that I am able to register accounts and log in via the iOS setup SDK. And stranger still is that I can login from Android using accounts that were created via the iOS setup SDK.

I suspect that the iOS SDK is not actually using our organization endpoint for the following reasons:

This is the code that I used to set up the iOS SDK for organizations:

  [SparkSetupCustomization sharedInstance].organizationName = @"Xxx";
  [SparkSetupCustomization sharedInstance].organizationSlug = @"xxx";
  [SparkSetupCustomization sharedInstance].productName = @"yyy";
  [SparkSetupCustomization sharedInstance].productSlug = @"zzz";

Where xxx, yyy, and zzz are the values that I found on dashboard.particle.io when following the instructions in the documentation.

So these are the questions that I have:

  1. Are organizations supported on the iOS and Android SDKs, or have I misread the documentation?

  2. If organizations are supported by the SDKs, is my configuration incorrect, or is this a bug?

Thanks again for your help @ido and @jensck.

Ok I found the issue with iOS. The latest versions of the iOS packages are as follows:

Spark-SDK: 0.3.4
SparkSetup: 0.3.3

The repositories for those projects have the latest packages listed as:

Spark-SDK: 0.3.0
SparkSetup: 0.2.1

I updated the packages and now I'm getting the following error when I try to register on iOS:

Could not signup

Make sure your user email does not already exist and that you have entered the activation code correctly and that it was not already used

The console shows the same error that we're getting on Android:

https://api.particle.io/v1/orgs/xxx/customers Failed (status code 404): {
    error = "Organization not found for user's role.";
    ok = 0;
}

So @ido or @jensck - can you please check that our organization exists in your database at the slug that I’ve set and is configured correctly for customer authentication via the SDKs?

What's the slug? Feel free to email me at ido@particle.io if you need to transfer sensitive information.