I’m experimenting with a custom login flow where one of our apps gets the recovery token and does a password reset. I have a user that is in the “RECOVERY” state (“status”: “RECOVERY”). However, when I use the “/api/v1/users/USER_ID/credentials/change_password” endpoint to change the user’s password, I get the response
{
"errorCode" : "E0000035",
"errorSummary" : "Change password not allowed on specified user.",
"errorLink" : "E0000035",
"errorId" : "oaeO8aD8d4mQpi8oUnYf8xXdg",
"errorCauses" : [ ]
}
The API doc specifies: “This operation can only be performed on users in STAGED , ACTIVE , PASSWORD_EXPIRED , or RECOVERY status that have a valid password credential”
Is there something I’m missing?