Problem with authenticateUser()

In the PHP SDK (Oauth) when I call
$infusionsoft->data()->authenticateUser($username, $passwordHash)
I receive [FailedLoginAttempt]Invalid username and/or password.

But if I use the PHP ISDK (legacy) and call
$uid = $app->authenticateUser($username,$passwordHash);
with the exact same values it succeeds.

Any suggestions on what I’m missing?

@William_Jensen Would you enable debug logging and let us know if it produces any more detail?

Hi Mike

I do this first:

Then when I receive the error I do this:
$logArray = infusionsoft->getLogs();

And $logArray is empty.

Anything else I can look at?


Can you make sure that the password hashing is using md5 for both calls? Both SDKs hit the same endpoint with just different key authentication. The error you are getting means you successfully passed the key authentication, but failed the actual username/password match.

Well, that was the issue.
The docs for both the legacy API and the OAuth API say the password should be md5’d. Except that has never worked on the legacy PHP iSDK API side and I’ve been passing the password in the clear for years now. And I just tried again to md5 the password and the legacy PHP iSDK API won’t accept it.

However, the OAuth API does accept the md5 version and the authenticateUser() succeeded.

So I will modify my code to use md5 for my accounts that are using OAuth and continue not using it for accounts that are still on the PHP iSDK.

Thanks for your help.

@william_jensen An awesome person in support passed this along to me:

It looks like the iSDK hashed the password for you before sending. The new SDK doesn’t have this same functionality. This is where the dependency is coming in. Both are hashed when they get to Infusionsoft however one the hashing needs to be intentionally preformed the other happens without extra work.

Glad you got it working.