How to get state token on password reset flow?

Hi All,

I was able to invoke Okta API to initiate the password reset flow and I see my user status is changed to Password Reset and I am getting an email with the reset password link.

Instead of going to an Okta password reset link, I want to redirect to my own application page. My question is: once I redirect to my application page, I read I can invoke the Authentication | Okta Developer API. But how do I get the state token?

Thanks,
Poonam.

Hi!

The correct way to do this is through the /authn API. You want to call /authn/password/recovery with the JSON body set to send an email with a recovery token. Since you want the user to visit your application, you should really modify the email from Okta so that it sends a URL that goes to your application with the recovery token (Customizations → Emails → Forgot Password). When the user lands on your application, strip out the recovery token and pass it to /auth/password/verify. That identifies the user and returns the state token you are looking for. Then you collect the new password from the user and call /authn/credentials/reset_password with the state token and the new password to change it.

If you are using an Okta SDK like the Java authn SDK, you would create a client object bound to the org (with the URL and API token) and then start with “recoverPassword()”, followed by “verifyRecoveryToken()”, and finally “resetPassword()”.
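The three-step exchange described in the reply, written out as an added Python example (it is not code from either poster, nor from Okta's SDK). It uses the Authentication API's documented REST paths (/api/v1/authn/recovery/password, /api/v1/authn/recovery/token, /api/v1/authn/credentials/reset_password); the query-parameter name `recoveryToken` in the customised email link, the org URL, and every token value are constructed for the demo. A `FakeOkta` transport stands in for the org so the flow runs offline, enforcing that the recovery token is single use and that the state token presented at reset is the one that was issued, which is the behaviour your landing page should expect from the real service.

```python
"""Okta /authn password-recovery flow: recovery token -> state token -> new password.

Added example, not from the forum thread. Assumptions, all labelled:
  * the customised Forgot Password email links to <your app>/reset?recoveryToken=<token>
    (the parameter name is an assumption; match it to your template)
  * endpoint paths follow Okta's Authentication API reference
"""
import json
import urllib.parse
import urllib.request

RECOVERY_PARAM = "recoveryToken"  # assumption: name used in the customised email link


def extract_recovery_token(landing_url):
    """Pull the one-time recovery token out of the URL the user arrived on.

    Returns None when the parameter is missing, empty or repeated, so the
    caller shows an error page instead of forwarding junk to Okta. Treat the
    value as a credential: read it once, never log it.
    """
    query = urllib.parse.urlparse(landing_url).query
    values = urllib.parse.parse_qs(query).get(RECOVERY_PARAM, [])
    return values[0] if len(values) == 1 and values[0] else None


def _urllib_post(url, body):
    """Default transport: JSON POST, JSON back. Swapped for a fake in tests."""
    data = json.dumps(body).encode()
    req = urllib.request.Request(
        url, data=data, method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class OktaAuthnClient:
    """Thin wrapper over the three /authn calls the reply describes."""

    def __init__(self, org_url, post=_urllib_post):
        self.org_url = org_url.rstrip("/")
        self._post = post

    def _call(self, path, body, expect):
        resp = self._post(self.org_url + path, body)
        status = resp.get("status")
        if status not in expect:  # error bodies carry no status -> fail closed
            raise RuntimeError(f"{path}: unexpected status {status!r}")
        return resp

    def start_password_recovery(self, username):
        """Ask Okta to email the recovery link; returns the transaction status."""
        return self._call("/api/v1/authn/recovery/password",
                          {"username": username, "factorType": "EMAIL"},
                          {"RECOVERY_CHALLENGE"})["status"]

    def verify_recovery_token(self, recovery_token):
        """Exchange the email's recovery token for a state token.

        PASSWORD_RESET: the user may set a new password now.
        RECOVERY: the org requires a recovery-question answer first
        (POST /api/v1/authn/recovery/answer with the same stateToken).
        """
        resp = self._call("/api/v1/authn/recovery/token",
                          {"recoveryToken": recovery_token},
                          {"PASSWORD_RESET", "RECOVERY"})
        return resp["stateToken"], resp["status"]

    def reset_password(self, state_token, new_password):
        """Set the new password; returns the session token Okta issues on SUCCESS."""
        resp = self._call("/api/v1/authn/credentials/reset_password",
                          {"stateToken": state_token, "newPassword": new_password},
                          {"SUCCESS"})
        return resp.get("sessionToken")


class FakeOkta:
    """Constructed stand-in for the org: canned responses, no network.

    Models the two invariants the landing page relies on: a recovery token
    works once, and a reset must present the state token that was issued.
    """

    def __init__(self):
        self.unused_recovery_tokens = {"rt-CONSTRUCTED-1"}
        self.issued_state_token = None

    def __call__(self, url, body):
        path = url.split("/api/v1", 1)[1]
        if path == "/authn/recovery/password":
            return {"status": "RECOVERY_CHALLENGE", "factorType": "EMAIL"}
        if path == "/authn/recovery/token":
            token = body.get("recoveryToken")
            if token not in self.unused_recovery_tokens:
                return {"errorSummary": "invalid or used recovery token"}
            self.unused_recovery_tokens.discard(token)
            self.issued_state_token = "st-CONSTRUCTED-1"
            return {"status": "PASSWORD_RESET", "stateToken": self.issued_state_token}
        if path == "/authn/credentials/reset_password":
            if body.get("stateToken") != self.issued_state_token:
                return {"errorSummary": "invalid state token"}
            return {"status": "SUCCESS", "sessionToken": "sess-CONSTRUCTED-1"}
        return {"errorSummary": "not found"}


def run_demo(post=None):
    """Drive the whole flow against the fake org; returns the final session token."""
    client = OktaAuthnClient("https://example.okta.com", post or FakeOkta())
    client.start_password_recovery("user@example.com")
    # In production the next line is the user clicking the link in the email.
    landing = "https://app.example.com/reset?recoveryToken=rt-CONSTRUCTED-1"
    token = extract_recovery_token(landing)
    if token is None:
        raise RuntimeError("no usable recovery token on the landing URL")
    state_token, status = client.verify_recovery_token(token)
    if status == "RECOVERY":
        raise RuntimeError("recovery question required before reset")
    return client.reset_password(state_token, "N3w-Passw0rd-example!")


if __name__ == "__main__":
    print("session token:", run_demo())
```

The state token is only ever obtained from the `/recovery/token` response, never constructed client-side, and it is what ties the later `reset_password` call to the identity Okta established from the recovery token. Pass `OktaAuthnClient(org_url)` without a transport to use the real `urllib` POST.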
