How to verify answer to recovery question

When creating a user profile we are setting a recovery question/answer. Creation of the question appears to work fine. When a user is making a change we would like to verify the answer to the recovery question. How can this be done?
We are able to create the user using the following code with the Java Okta SDK:

User createdUser = UserBuilder.instance()
        .setEmail(user.getEmail())
        .setFirstName(user.getFirstName())
        .setLastName(user.getLastName())
        .setPassword(user.getTransPassword().toCharArray())
        .setSecurityQuestion(user.getTransSecretQuestion1())
        .setSecurityQuestionAnswer(user.getTransSecretAnswer1())
        .setSecondEmail(user.getEmailCC1())
        .setActive(active)
        .putProfileProperty("primaryPhone", user.getPhone())
        .buildAndCreate(this.client);

We are able to retrieve a user's recovery question using createdUser.getCredentials().getRecoveryQuestion().getQuestion().

How can we match the answer the user provides to the answer stored in Okta?

Joining this thread. We are creating a custom password recovery and I would also like to check the user's answer.

Not sure if you've read through the JavaDoc, but this URL might help:
https://developer.okta.com/okta-sdk-java/1.5.2/apidocs/com/okta/sdk/resource/user/RecoveryQuestionCredential.html

Using the following, createdUser.getCredentials().getRecoveryQuestion().getAnswer(), you could simply compare that string with a user-provided string.

Pretty sure it returns a null.

OK. I'll test it later and see what I can find out.

The reason I wanted to verify the answer to a security question is to use it to reset a user's password. It appears that it can be accomplished using a POST call to the /api/v1/users/{user_id}/credentials/forgot_password API endpoint. I've been able to get it to work this way by providing a user's answer to the secret question. If the answer is correct then the API call succeeds, otherwise it fails.
The API call is not made via the Okta Java SDK's User API but rather by constructing a POST request through the SDK's data store:

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.okta.sdk.resource.ExtensibleResource;
import com.okta.sdk.resource.Resource;
import com.okta.sdk.resource.user.UserCredentials;

// Request body: { "recovery_question": { "answer": "..." }, "password": { "value": "..." } }
ObjectMapper mapper = new ObjectMapper();
ObjectNode recovery_question = mapper.createObjectNode();
recovery_question.put("answer", recoveryAnswer);
ObjectNode password = mapper.createObjectNode();
password.put("value", newPassword);
ExtensibleResource userPasswordRequest = client.instantiate(ExtensibleResource.class);
userPasswordRequest.put("recovery_question", recovery_question);
userPasswordRequest.put("password", password);
// Okta checks the answer server side; the call succeeds only if it matches.
// sendEmail=FALSE suppresses Okta's own notification email for the reset.
Resource result = client.getDataStore().http()
        .setBody(userPasswordRequest)
        .addQueryParameter("sendEmail", "FALSE")
        .post("/api/v1/users/" + oktaUser.getId() + "/credentials/forgot_password", UserCredentials.class);

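The two questions in this thread (how to compare the user's answer, and how to use the forgot_password endpoint for it) come down to the same point: Okta does not return the stored answer, so getAnswer() is null and there is nothing to compare locally. The only way to verify it with the management API is to submit it together with a new password and let Okta check it. The class below is an added example, not code from the thread or from Okta; it assumes okta-sdk-java 1.x (with its bundled Jackson) on the classpath, a configured Client, and that a rejected answer surfaces as a ResourceException with HTTP status 403 (an assumption; check the status and error code in your tenant rather than relying on it). The class and method names are hypothetical.

```java
import java.util.Arrays;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.okta.sdk.client.Client;
import com.okta.sdk.resource.ExtensibleResource;
import com.okta.sdk.resource.ResourceException;
import com.okta.sdk.resource.user.User;
import com.okta.sdk.resource.user.UserCredentials;

/**
 * Added example (hypothetical class, not from the thread or the Okta SDK).
 * Verifies a recovery-question answer by letting Okta check it server side
 * as part of a password reset via /credentials/forgot_password.
 */
public class RecoveryAnswerVerifier {

    /** Result of the attempt. WRONG_ANSWER is inferred from a 403 (assumed mapping). */
    public enum Outcome { RESET, WRONG_ANSWER, OTHER_ERROR }

    private final Client client;

    public RecoveryAnswerVerifier(Client client) {
        this.client = client;
    }

    /**
     * Submits the user's answer and a new password in one call. Okta compares
     * the answer against its stored value; we never see that value ourselves.
     * The caller owns rate limiting / lockout for repeated wrong answers.
     */
    public Outcome resetPasswordWithRecoveryAnswer(User user, String recoveryAnswer, char[] newPassword) {
        // Build { "recovery_question": { "answer": ... }, "password": { "value": ... } }
        ObjectMapper mapper = new ObjectMapper();
        ObjectNode recoveryQuestion = mapper.createObjectNode();
        recoveryQuestion.put("answer", recoveryAnswer);
        ObjectNode password = mapper.createObjectNode();
        password.put("value", new String(newPassword));

        ExtensibleResource body = client.instantiate(ExtensibleResource.class);
        body.put("recovery_question", recoveryQuestion);
        body.put("password", password);

        try {
            // sendEmail=false: this is our own recovery flow, so suppress Okta's notification email.
            UserCredentials creds = client.getDataStore().http()
                    .setBody(body)
                    .addQueryParameter("sendEmail", "false")
                    .post("/api/v1/users/" + user.getId() + "/credentials/forgot_password",
                          UserCredentials.class);
            // A 2xx response means Okta accepted the answer and set the new password.
            return creds != null ? Outcome.RESET : Outcome.OTHER_ERROR;
        } catch (ResourceException e) {
            // Assumption: a wrong answer is rejected with 403. Anything else (locked user,
            // password-policy violation, bad token) is reported separately so the caller
            // does not treat it as a failed answer check.
            if (e.getStatus() == 403) {
                return Outcome.WRONG_ANSWER;
            }
            return Outcome.OTHER_ERROR;
        } finally {
            // Scrub the password from memory once the request has been sent.
            Arrays.fill(newPassword, '\0');
        }
    }
}
```

Because the check and the reset are a single operation, there is no separate "is this answer correct?" call to expose to a client; the caller should count failed attempts per user and back off or lock the flow, since each attempt is a guess at the stored answer.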