How to get stateToken

I have gone through several forums to understand how to get a stateToken, but none of them provided a straightforward answer.

I am trying to test the following:

curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
   "username": "",
   "password": "correcthorsebatterystaple"
}' "https://${yourOktaDomain}/api/v1/authn"

I am not sure what I have to provide for stateToken.

A state token is an ephemeral token that encodes the current state of an authentication transaction.
You can find more details here:

It is generated during the authentication (AuthN) process, and gets converted to a session token once the user has been authenticated. AuthN end point details here:

rest end point : {{url}}/api/v1/authn

Request :
{
  "username": "XXXXXXXXX",
  "password": "XXXXX"
}

Response :
{
  "expiresAt": "2020-11-27T16:16:57.000Z",
  "status": "SUCCESS",
  "sessionToken": "20111OtQlIstE4AxrG_VrClO53wrvUTbVZFGepiSOO0HfO9wj5-C3v8",
  "_embedded": {
    "user": {
      "id": "00u19umuw0gOq3QiW5d6",
      "passwordChanged": "2020-11-20T21:22:44.000Z",
      "profile": {
        "login": "XXXXX",
        "firstName": "XXXXXXX",
        "lastName": "XXXXXX",
        "locale": "en",
        "timeZone": "America/Los_Angeles"
      }
    }
  }
}

Then I took the session token as you mentioned and passed it as input for stateToken. The following are the results:
End point : https://${yourOktaDomain}/api/v1/authn
Request :
{
  "username": "",
  "password": "correcthorsebatterystaple"
}

Response :
{
  "errorCode": "E0000011",
  "errorSummary": "Invalid token provided",
  "errorLink": "E0000011",
  "errorId": "oaeAKiM4DriTHi68ehfpyq7_g"
}

Hi @praveena! The stateToken tells us what status the user is in during the authentication process - see And like @rajnadimpalli mentioned it is ephemeral so it gets converted to a session token immediately i.e., once the user has passed all the MFA requirements.

I see in your second comment your response already includes the sessionToken; this is the expected behavior. You will only receive a stateToken if you are still in the authenticating process - for example

Otherwise, you shouldn’t need to provide a stateToken at /api/v1/authn

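To make the distinction in this thread concrete, here is an added example (not code from any poster or from Okta) that classifies an /api/v1/authn response body and refuses to send a sessionToken where a stateToken is expected. The sample bodies are constructed, the token values are placeholders, MFA_REQUIRED is used as one in-progress status, and the function names are hypothetical.

```python
import json

# Constructed sample bodies (token values are placeholders, not real tokens).
SUCCESS = '{"status": "SUCCESS", "sessionToken": "EXAMPLE-SESSION-TOKEN"}'
MFA_PENDING = '{"status": "MFA_REQUIRED", "stateToken": "EXAMPLE-STATE-TOKEN"}'
ERROR = '{"errorCode": "E0000011", "errorSummary": "Invalid token provided"}'


class AuthnError(Exception):
    """The response body was an error object rather than a transaction."""


def next_step(body):
    """Classify a POST /api/v1/authn response body; makes no network call."""
    resp = json.loads(body)
    if "errorCode" in resp:
        raise AuthnError(f"{resp['errorCode']}: {resp.get('errorSummary', '')}")
    status = resp.get("status")
    if status == "SUCCESS" and "sessionToken" in resp:
        # Transaction finished: there is no stateToken left to send.
        return {"action": "authenticated", "field": "sessionToken",
                "token": resp["sessionToken"]}
    if "stateToken" in resp:
        # Transaction still open (e.g. MFA pending): carry the stateToken on.
        return {"action": "continue", "field": "stateToken",
                "token": resp["stateToken"], "status": status}
    raise ValueError(f"unrecognised authn response, status={status!r}")


def follow_up_body(step, extra=None):
    """Build the JSON body for the next authn call, or refuse.

    Only a value that arrived in a stateToken field may be sent as one;
    a sessionToken is rejected here instead of by the server.
    """
    if step["field"] != "stateToken":
        raise ValueError("no stateToken in this response; nothing to continue")
    return json.dumps({"stateToken": step["token"], **(extra or {})})


def redact(token):
    """Shorten a token for logging so the full value never reaches logs."""
    return token[:4] + "..." if len(token) > 4 else "***"


if __name__ == "__main__":
    for name, body in (("SUCCESS", SUCCESS), ("MFA_PENDING", MFA_PENDING)):
        step = next_step(body)
        print(name, step["action"], step["field"], redact(step["token"]))
```
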