Can't get statetoken (always null)

I’m trying to implement change password method and I need to set statetoken, but it always comes null when the user logs in

I took this example used for testing (https://github.com/okta/okta-auth-dotnet/blob/8611e10f37c9da5350e3e0ed10d0b68a76717a58/Okta.Auth.Sdk.IntegrationTests/AuthenticationScenarios.cs), where the statetoken could not be empty, but it is not what happens…

I think it’d make sense if you try to check underlying APIs. If you would, you won’t be masking your session token :smiley: State token will be present in the situation, where user’s password got expired and user can’t just log into Okta, but rather change password flow is initiated, presenting your with a state token to continue a flow when you submit new password request. Here is a diagram describing the process https://developer.okta.com/docs/reference/api/authn/#transaction-state

thank you @phi1ipp for all your help,
my problem is that i can’t get statetoken to reset the password with trusted application,
so how to obtain statetoken for this password reset? I’ve tried to set it but I can’t get it to work at all …
do you have any example i can follow?

But for trusted application you can use SSWS token to just issue set password operation. Why do you need a token?