Error when changing password in "RECOVERY" status

I’m experimenting with a custom login flow where one of our apps gets the recovery token and does a password reset. I have a user that is in the “RECOVERY” state (“status”: “RECOVERY”). However, when I use the “/api/v1/users/USER_ID/credentials/change_password” endpoint to change the user’s password, I get the response

  "errorCode" : "E0000035",
  "errorSummary" : "Change password not allowed on specified user.",
  "errorLink" : "E0000035",
  "errorId" : "oaeO8aD8d4mQpi8oUnYf8xXdg",
  "errorCauses" : [ ]

The API doc specifies: “This operation can only be performed on users in STAGED , ACTIVE , PASSWORD_EXPIRED , or RECOVERY status that have a valid password credential”

Is there something I’m missing?