forgotPassword method issue with TenantId

[kgogolek]

Hi

When sending a request using FA client v1.12 we're getting this message, despite the tenant id being passed and correct:

A Tenant Id is required to complete this request. To complete this request, you may assign a Tenant to your API key, or add the X-FusionAuth-TenantId HTTP request header with the Tenant Id.

The same problem doesn't happen on 1.11 or for any other API calls we use.

[robotdan]

I think there are two issues here:

1. It looks like there may be a regression issue with this method, previously it was using the API key (if provided on the client constructor). This API can be called with or without an API key and now it is calling w/out it. This may be causing you problems if your API key is locked to a tenant.
2. You are seeing an error indicating you need to provide the Tenant Id

Regarding the second issue, how many tenants do you have configured? Was this the same number when you were running 1.11.0? Is your API key locked to a single tenant?

[robotdan]

@matthew-altman looks like a regression issue. This will affect all client libraries.

The forgotPassword method is being called w/out an API key, previously it was using the API key if we had it. The API can be called in both ways, so we'll need to either add a new method that uses the API key, or somehow instruct this method to be called in either mode.

We could just use the start instead of startAnonymous since if there is an API key available it doesn't hurt. We should probably do an audit of all of the APIs now using the startAnonymous method in the client builder to ensure they cannot be optionally be called with an API key.

[robotdan]

A work around if you want to use the API key.

In FusionAuthClient.php change

  public function forgotPassword($request)
  {
    return $this->startAnonymous()->uri("/api/user/forgot-password")
        ->bodyHandler(new JSONBodyHandler($request))
        ->post()
        ->go();
  }

to

  public function forgotPassword($request)
  {
    return $this->start()->uri("/api/user/forgot-password")
        ->bodyHandler(new JSONBodyHandler($request))
        ->post()
        ->go();
  }

[kgogolek]

Thanks for the reply @robotdan .
Yes I can confirm we're using the API key for all the calls. Is there a better way going forward?
We have about 5-6 tenants set up, and it was the same number before we upgraded the libs.
For now we've reverted to 1.11 but might implement the work-around if we need to upgrade the versions.

[robotdan]

Ok, good to know. You could upgrade FusionAuth and keep with the older php client as well, or patch your client as outlined above.

We'll be patching the client shortly, stay tuned.

[robotdan]

1.12.1 is available which contains the corrected behavior. Thanks for letting us know!
https://packagist.org/packages/fusionauth/fusionauth-client