Problem creating customers


We are making a product and using the Two-Legged Auth method.

Here are the steps I’ve followed so far, following this guide:

  1. Creating OAuth Client Credientials – I did this on, choosing Two-Legged (Server) –no problems so far

  2. I added OAuth Credentials to my server. We have a rails application, so the client credentials live in the deployed server environment

  3. I have tried to create a Customer. I used my client credentials to do this, following this guide:

    curl -X POST -u “client-id-goes-here:client-secret-goes-here” -d
    -d no_password=true

I received a bearer token in response:


I then tried to verify that the customer exists:

curl -X GET\?access_token="9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

I receive this:


When I check in the product tab, no customers exist, so this checks out. But, not so quick, because if I try to create a customer again using the same command as before, I get this error:


And, to make matters more confusing, if I query my product devices with the following command, it shows that I have multiple devices:

curl -X GET\?access_token="9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

What am I missing here? Why am I unable to create customers?

When you create a customer it exists in a half-created state until the customer claims a device. It won’t appear in the console until they claim a device, but if you try to create the customer again, you’ll get an error.

I think you are creating the customer correctly, but when you’re claiming the device it’s not picking up the injected shadow customer access token correctly so it’s not claiming the device to the customer, which as a side effect prevents the customer from being visible in the console.

This might be helpful, it walks through the claiming process manually so you can better understand what all of the tokens and claim codes are used for.

Oo this last resource looks really helpful!

I think the problem that I’ve been having is that my device is already claimed. So, when I use the claim code it doesn’t really do anything. Also, when I run through the wifi setup, I am just re-using the claim code that the device already has.


Yes, that will do it. Maybe sure you

  • Unclaim the device from your account
  • Add the device ID to the product if you haven’t already done so
  • Clear the device claim code (optional)

When you reuse a device, even if you’ve unclaimed it from the cloud side, there’s a flag set on the device itself that’s not cleared because unclaiming from the console or CLI only resets the cloud side, not the device side.

The way it works is that your phone pulls a list of all of the devices in the logged in account before connecting to the SoftAP. If the has been claimed flag is set, it compares the device ID of the device you’re setting up to the list. If it’s not in the list, you get the do you want to claim message.

The reason is that until it connects to SoftAP the app doesn’t know the device ID, and after it connects to SoftAP, it can no longer contact the cloud to check claiming.

The workaround is to make sure you clear the on-device claiming flag, the last tip on this page:

This is more like the experience users will get with a factory fresh Photon, anyway.

If you don’t clear the device-side claim flag on a previously used device, you’ll get a weird message when using two-legged auth:

Do you want to claim ownership of this Particle device to (null)?

It doesn’t hurt anything, but it’s weird. Clearing the device claim flag prevents that from happening.

Thanks so much for the advice. Unfortunately I got myself into a bit of a pickle.

I have tried to reset the device to its factory settings, following all of the steps in the photonreset guide. It worked the first time, but I forgot to add the device ID before claiming, so I tried to reset the device again.

This time I am getting a alternating cyan and red flashing. Particle docs indicate that this means incorrect public key, but I can’t seem to find a way to fix this issue. Is there anything I can do at this point?

You should be able to get back to normal by:

Remove the Photon from your product (temporarily) or mark it as a developer device

Put the Photon in DFU mode (blinking yellow) by holding down RESET and SETUP, releasing RESET and continuing to hold down SETUP while the main LED blinks magenta until it blinks yellow, then release.

Then enter the command:

particle flash --usb tinker

Put the Photon into Listening mode (blinking blue) by holding down SETUP until it blinks blue. Then issue the CLI command:

particle serial identify

Save the Device ID; you’ll need it later.

Then put the Photon in DFU mode by holding down both the RESET and SETUP buttons, releasing RESET and continuing to hold down SETUP until it blinks yellow and issue the commands below, in order.

particle keys server
particle keys doctor YOUR_DEVICE_ID

If you get this error under Windows:

'openssl' is not recognized as an internal or external command, operable program or batch file.

and you have used the CLI installer as described above, it may work if you do:

cd c:\OpenSSL-Win32\bin
particle keys doctor YOUR_DEVICE_ID

There are additional tips for a missing openssl error on this page, including tips for Mac OS X and Linux.

1 Like

That worked! Thanks, again