Can't get statetoken (always null)

I’m trying to implement change password method and I need to set statetoken, but it always comes null when the user logs in

I took this example used for testing (, where the statetoken could not be empty, but it is not what happens…

I think it’d make sense if you try to check underlying APIs. If you would, you won’t be masking your session token :smiley: State token will be present in the situation, where user’s password got expired and user can’t just log into Okta, but rather change password flow is initiated, presenting your with a state token to continue a flow when you submit new password request. Here is a diagram describing the process

thank you @phi1ipp for all your help,
my problem is that i can’t get statetoken to reset the password with trusted application,
so how to obtain statetoken for this password reset? I’ve tried to set it but I can’t get it to work at all …
do you have any example i can follow?

But for trusted application you can use SSWS token to just issue set password operation. Why do you need a token?