Okta API - Change password


I am trying to implement change password functionality using the Okta API: https://developer.okta.com/docs/api/resources/users#change-password

and I found that it does not lock the user even after n attempts with a wrong (current) password. Is this a limitation of the API?


Can you go into a little more detail about what you are building?

I believe this behavior is because it is a call with an SSWS token, meaning an admin is issuing the change, so it isn’t limited on how many incorrect tries.

Hi @tom,

Yes, I am using an SSWS token to call this API. But my assumption was that the password policy would apply when an incorrect current password is given. But that is not the case; it allows the user to perform this operation as many times as he wants.

I’m unsure if that endpoint can behave that way. I would open up a case with developers@okta.com to continue the discussion.

The Authentication API endpoint already behaves this way if you want to use that.
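
For the behaviour reported in this thread, a backend that calls the change-password endpoint with an SSWS token can count wrong-current-password attempts itself. The sketch below is an added example, not part of any post and not Okta's code; `call_okta`, the class names and the thresholds are assumptions.

```python
import time
from collections import defaultdict, deque


class LockedOut(Exception):
    """Raised when a user has exhausted their wrong-current-password attempts."""


class ChangePasswordGuard:
    """Counts failed change-password attempts per user in the calling backend.

    `call_okta` is a hypothetical callable (user_id, old, new) -> bool that
    wraps the HTTP request to the change-password endpoint and returns False
    when the current password is rejected.
    """

    def __init__(self, call_okta, max_failures=5, window=900, lockout=900,
                 clock=time.monotonic):
        self.call_okta = call_okta
        self.max_failures = max_failures
        self.window = window      # seconds over which failures are counted
        self.lockout = lockout    # seconds a user stays locked
        self.clock = clock
        self.failures = defaultdict(deque)  # user_id -> failure timestamps
        self.locked_until = {}              # user_id -> unlock time

    def change_password(self, user_id, old, new):
        now = self.clock()
        if self.locked_until.get(user_id, 0) > now:
            # Refuse before contacting Okta, so a locked user gets no oracle.
            raise LockedOut(user_id)
        recent = self.failures[user_id]
        while recent and now - recent[0] > self.window:
            recent.popleft()      # drop failures older than the window
        if self.call_okta(user_id, old, new):
            self.failures.pop(user_id, None)
            self.locked_until.pop(user_id, None)
            return True
        recent.append(now)
        if len(recent) >= self.max_failures:
            self.locked_until[user_id] = now + self.lockout
            recent.clear()
        return False
```

State is held in process memory here; a deployment with more than one backend instance would need a shared store for the counters.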