[ISSUE] Android Management API - Unable to remove the password from the device

vijay
Level 1.5: Cupcake
When I execute this on HTTP, I receive a response.

[REQUEST]
POST https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/devices/32931cb718c4bbcf:issueCom... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
Content-Type: application/json
{
  "type": "RESET_PASSWORD"
}

[RESPONSE]
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 263
content-type: application/json; charset=UTF-8
date: Tue, 07 May 2024 15:46:32 GMT
server: ESF
vary: Origin, X-Origin, Referer
{
  "name": "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715096792085",
  "metadata": {
    "@type": "type.googleapis.com/google.android.devicemanagement.v1.Command",
    "type": "RESET_PASSWORD",
    "createTime": "2024-05-07T15:46:32.085Z",
    "duration": "600s",
    "userName": "enterprises/LC04k33pjm/users/114476752020549114690"
  }
}

Upon checking the status of the issued command "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715096792085" in operations, I received a response.

[REQUEST]
GET https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operatio... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json

[RESPONSE]
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 304
content-type: application/json; charset=UTF-8
date: Tue, 07 May 2024 15:51:33 GMT
server: ESF
vary: Origin, X-Origin, Referer
{
  "name": "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715096792085",
  "metadata": {
    "@type": "type.googleapis.com/google.android.devicemanagement.v1.Command",
    "type": "RESET_PASSWORD",
    "createTime": "2024-05-07T15:46:32.085Z",
    "duration": "600s",
    "errorCode": "INVALID_VALUE",
    "userName": "enterprises/LC04k33pjm/users/114476752020549114690"
  },
  "done": true,
  "error": {
    "code": 3
  }
}


I'm uncertain which invalid value I inputted into the parameters. Moreover, the LOCK or REBOOT command works correctly without errors for the same device.

The policy associated with this device.

[REQUEST]
GET https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/policies/8f600ee4-0970-4d69-b916-... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json

[RESPONSE]
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 118
content-type: application/json; charset=UTF-8
date: Tue, 07 May 2024 16:14:04 GMT
server: ESF
vary: Origin, X-Origin, Referer
{
  "name": "enterprises/LC04k33pjm/policies/8f600ee4-0970-4d69-b916-e4d718e25b8e",
  "version": "22"
}
3 REPLIES 3

Moombas
Level 4.1: Jelly Bean

Take a look into the documentation: 

Flags that can be used for the RESET_PASSWORD command type.

Enums
RESET_PASSWORD_FLAG_UNSPECIFIEDThis value is ignored.
REQUIRE_ENTRYDon't allow other admins to change the password again until the user has entered it.
DO_NOT_ASK_CREDENTIALS_ON_BOOTDon't ask for user credentials on device boot.
LOCK_NOWLock the device after password reset.

 

Also see this (https://developers.google.com/android/management/reference/rest/v1/enterprises.devices/issueCommand)...

newPassword

string

For commands of type RESET_PASSWORD, optionally specifies the new password. Note: The new password must be at least 6 characters long if it is numeric in case of Android 14 devices. Else the command will fail with INVALID_VALUE.

resetPasswordFlags[]

enum (ResetPasswordFlag)

For commands of type RESET_PASSWORD, optionally specifies flags.

vijay
Level 1.5: Cupcake

I have tried using all possible inputs in the resetPasswordFlags

Still facing same issues.
 
# Using All Flags
---------- [REQUEST] ----------
POST https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/devices/32931cb718c4bbcf:issueCom... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
Content-Type: application/json
{
  "resetPasswordFlags": [
    "REQUIRE_ENTRY",
    "DO_NOT_ASK_CREDENTIALS_ON_BOOT",
    "LOCK_NOW"
  ],
  "type": "RESET_PASSWORD"
}
---------- [RESPONSE] ----------
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 335
content-type: application/json; charset=UTF-8
date: Wed, 08 May 2024 11:37:30 GMT
server: ESF
vary: Origin, X-Origin, Referer

{
  "name": "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715168250202",
  "metadata": {
    "@type": "type.googleapis.com/google.android.devicemanagement.v1.Command",
    "type": "RESET_PASSWORD",
    "createTime": "2024-05-08T11:37:30.202Z",
    "duration": "600s",
    "resetPasswordFlags": [
      "REQUIRE_ENTRY",
      "DO_NOT_ASK_CREDENTIALS_ON_BOOT",
      "LOCK_NOW"
    ],
    "userName": "enterprises/LC04k33pjm/users/114476752020549114690"
  }
}
# Using All Flags: Operation GET
---------- [REQUEST] ----------
GET https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operatio... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
---------- [RESPONSE] ----------
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 373
content-type: application/json; charset=UTF-8
date: Wed, 08 May 2024 11:40:37 GMT
server: ESF
vary: Origin, X-Origin, Referer
{
  "name": "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715168250202",
  "metadata": {
    "@type": "type.googleapis.com/google.android.devicemanagement.v1.Command",
    "type": "RESET_PASSWORD",
    "createTime": "2024-05-08T11:37:30.202Z",
    "duration": "600s",
    "resetPasswordFlags": [
      "REQUIRE_ENTRY",
      "DO_NOT_ASK_CREDENTIALS_ON_BOOT",
      "LOCK_NOW"
    ],
    "errorCode": "INVALID_VALUE",
    "userName": "enterprises/LC04k33pjm/users/114476752020549114690"
  },
  "done": true,
  "error": {
    "code": 3
  }
}# Using Flag: REQUIRE_ENTRY
---------- [REQUEST] ----------
POST https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/devices/32931cb718c4bbcf:issueCom... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
Content-Type: application/json
{
  "resetPasswordFlags": [
    "REQUIRE_ENTRY"
  ],
  "type": "RESET_PASSWORD"
}
---------- [RESPONSE] ----------
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 299
content-type: application/json; charset=UTF-8
date: Wed, 08 May 2024 11:47:36 GMT
server: ESF
vary: Origin, X-Origin, Referer
{
  "name": "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715168855729",
  "metadata": {
    "@type": "type.googleapis.com/google.android.devicemanagement.v1.Command",
    "type": "RESET_PASSWORD",
    "createTime": "2024-05-08T11:47:35.729Z",
    "duration": "600s",
    "resetPasswordFlags": [
      "REQUIRE_ENTRY"
    ],
    "userName": "enterprises/LC04k33pjm/users/114476752020549114690"
  }
}
# Using Flag REQUIRE_ENTRY: Operation GET
---------- [REQUEST] ----------
GET https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operatio... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
---------- [RESPONSE] ----------
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 338
content-type: application/json; charset=UTF-8
date: Wed, 08 May 2024 11:48:13 GMT
server: ESF
vary: Origin, X-Origin, Referer
{
  "name": "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715168855729",
  "metadata": {
    "@type": "type.googleapis.com/google.android.devicemanagement.v1.Command",
    "type": "RESET_PASSWORD",
    "createTime": "2024-05-08T11:47:35.729Z",
    "duration": "600s",
    "resetPasswordFlags": [
      "REQUIRE_ENTRY"
    ],
    "errorCode": "INVALID_VALUE",
    "userName": "enterprises/LC04k33pjm/users/114476752020549114690"
  },
  "done": true,
  "error": {
    "code": 3
  }
}
# Using Flag: DO_NOT_ASK_CREDENTIALS_ON_BOOT
---------- [REQUEST] ----------
POST https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/devices/32931cb718c4bbcf:issueCom... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
Content-Type: application/json
{
  "resetPasswordFlags": [
    "DO_NOT_ASK_CREDENTIALS_ON_BOOT"
  ],
  "type": "RESET_PASSWORD"
}
---------- [RESPONSE] ----------
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 313
content-type: application/json; charset=UTF-8
date: Wed, 08 May 2024 11:50:02 GMT
server: ESF
vary: Origin, X-Origin, Referer
{
  "name": "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715169001575",
  "metadata": {
    "@type": "type.googleapis.com/google.android.devicemanagement.v1.Command",
    "type": "RESET_PASSWORD",
    "createTime": "2024-05-08T11:50:01.575Z",
    "duration": "600s",
    "resetPasswordFlags": [
      "DO_NOT_ASK_CREDENTIALS_ON_BOOT"
    ],
    "userName": "enterprises/LC04k33pjm/users/114476752020549114690"
  }
}

# Using Flag DO_NOT_ASK_CREDENTIALS_ON_BOOT: Operation GET
---------- [REQUEST] ----------
GET https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operatio... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
---------- [RESPONSE] ----------
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 353
content-type: application/json; charset=UTF-8
date: Wed, 08 May 2024 11:51:00 GMT
server: ESF
vary: Origin, X-Origin, Referer
{
  "name": "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715169001575",
  "metadata": {
    "@type": "type.googleapis.com/google.android.devicemanagement.v1.Command",
    "type": "RESET_PASSWORD",
    "createTime": "2024-05-08T11:50:01.575Z",
    "duration": "600s",
    "resetPasswordFlags": [
      "DO_NOT_ASK_CREDENTIALS_ON_BOOT"
    ],
    "errorCode": "INVALID_VALUE",
    "userName": "enterprises/LC04k33pjm/users/114476752020549114690"
  },
  "done": true,
  "error": {
    "code": 3
  }
}
 
# Using Flag: LOCK_NOW
---------- [REQUEST] ----------
POST https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/devices/32931cb718c4bbcf:issueCom... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
Content-Type: application/json
{
  "resetPasswordFlags": [
    "LOCK_NOW"
  ],
  "type": "RESET_PASSWORD"
}
---------- [RESPONSE] ----------
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 293
content-type: application/json; charset=UTF-8
date: Wed, 08 May 2024 11:53:09 GMT
server: ESF
vary: Origin, X-Origin, Referer
{
  "name": "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715169189027",
  "metadata": {
    "@type": "type.googleapis.com/google.android.devicemanagement.v1.Command",
    "type": "RESET_PASSWORD",
    "createTime": "2024-05-08T11:53:09.027Z",
    "duration": "600s",
    "resetPasswordFlags": [
      "LOCK_NOW"
    ],
    "userName": "enterprises/LC04k33pjm/users/114476752020549114690"
  }
}# Using Flag LOCK_NOW: Operation GET
---------- [REQUEST] ----------
GET https://androidmanagement.googleapis.com/v1/enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operatio... HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
---------- [RESPONSE] ----------
HTTP/1.1 200
cache-control: private
content-encoding: gzip
content-length: 334
content-type: application/json; charset=UTF-8
date: Wed, 08 May 2024 11:53:42 GMT
server: ESF
vary: Origin, X-Origin, Referer
{
  "name": "enterprises/LC04k33pjm/devices/32931cb718c4bbcf/operations/1715169189027",
  "metadata": {
    "@type": "type.googleapis.com/google.android.devicemanagement.v1.Command",
    "type": "RESET_PASSWORD",
    "createTime": "2024-05-08T11:53:09.027Z",
    "duration": "600s",
    "resetPasswordFlags": [
      "LOCK_NOW"
    ],
"errorCode": "INVALID_VALUE",
    "userName": "enterprises/LC04k33pjm/users/114476752020549114690"
  },
  "done": true,
  "error": {
    "code": 3
  }
}
 
 
 
 

jeremy
Level 2.3: Gingerbread

@Moombas is right your missing the new password and the correct flag.