How to Authenticate Recovery Token using new Okta node sdk package

api

#1

Hello!

I found out that okta node sdk doesn’t support “Recovery Token” authentication during password reset/unlock account link.

But I am not sure, if that is not supported, how the “Forgot password” functionality works, because that has to go through token verification associated with each user who has requested the password reset.

So password reset link is something like

http://localhost:XXXX/#/user/reset?token=${recoveryToken}

I do see the recovery token in the email.
I click on it.
Try to reset the password.
Send a request to the backend service, which is in JavaScript.

Now which method should I use to authenticate the token?
I got suggestions to directly call the API, which will authenticate the token, and follow the API path instead of the package. But I feel, if forgot password works, then there should be a token verification function too.

I tried this too

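    var query = {
        userId: userInfo.id,
        queryParams: {
            // Intended to suppress the recovery e-mail
            sendEmail: false,
            provider: 'OKTA'
        }
    };

    // resolve() presumably comes from an enclosing Promise that is not shown in the post
    oktaUser.resetPassword(query).then(function (token) {
        console.log(token);
        return resolve();
    });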

But the user gets an email every time, even though sendEmail is set to false.


#2

I have resolved the issue by using the API. But I feel the node package should provide authentication too, because on the client side authentication is not secure.
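
The direct-API approach mentioned in post #2, as an added example (not code from the thread or from the Okta SDK): a Node backend has Okta's Authentication API validate the recovery token and only then resets the password. The function names, the length bound and the injectable `fetchImpl` are assumptions made for illustration; the org URL and token values passed in are the caller's own.

```javascript
// Added example. fetchImpl is injectable so the flow can be exercised offline with a stub.

// POST JSON to an Authentication API path; returns { httpStatus, body }.
async function authnPost(orgUrl, path, payload, fetchImpl) {
  const res = await fetchImpl(new URL(path, orgUrl).toString(), {
    method: 'POST',
    headers: { Accept: 'application/json', 'Content-Type': 'application/json' },
    body: JSON.stringify(payload),
  });
  const body = await res.json().catch(() => ({}));
  return { httpStatus: res.status, body };
}

// Step 1: Okta validates the e-mailed recoveryToken and returns a stateToken.
async function verifyRecoveryToken(orgUrl, recoveryToken, fetchImpl = fetch) {
  // Assumed sanity bound (not an Okta rule): non-empty string, at most 256 chars.
  if (typeof recoveryToken !== 'string' || !recoveryToken || recoveryToken.length > 256) {
    return { ok: false, reason: 'malformed' };
  }
  const { httpStatus, body } = await authnPost(
    orgUrl, '/api/v1/authn/recovery/token', { recoveryToken }, fetchImpl);
  if (httpStatus !== 200 || !body.stateToken) {
    return { ok: false, reason: 'rejected' }; // unknown, expired or already used
  }
  return { ok: true, status: body.status, stateToken: body.stateToken };
}

// Step 2: set the new password, but only when the transaction is in PASSWORD_RESET.
// A RECOVERY status means the recovery question must be answered first.
async function handleReset(orgUrl, recoveryToken, newPassword, fetchImpl = fetch) {
  const verified = await verifyRecoveryToken(orgUrl, recoveryToken, fetchImpl);
  if (!verified.ok) return verified;
  if (verified.status !== 'PASSWORD_RESET') {
    return { ok: false, reason: 'question_required', stateToken: verified.stateToken };
  }
  const { httpStatus, body } = await authnPost(
    orgUrl, '/api/v1/authn/credentials/reset_password',
    { stateToken: verified.stateToken, newPassword }, fetchImpl);
  return httpStatus === 200
    ? { ok: true, status: body.status }
    : { ok: false, reason: 'reset_failed' };
}
```

Keep the recovery token and state token out of application logs, and return the same generic error to the browser for every failure reason.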


#3

Thanks for the feedback. I think what you are asking for falls right in line with where we are going. We are currently working on the Management SDKs (the SDK that helps you with the CRUD and lifecycle of objects) and we will be introducing Authentication APIs as well.


#4

There is also a discussion about this on GitHub: https://github.com/okta/okta-sdk-nodejs/issues/22

As Tom said, this is something we are currently working on. I’ll update here and on GitHub when we’ve added better support for Node.