Reset-password with recovery token - token is invalid

  1. From Postman, when we hit the URL "/lifecycle/reset_password?sendEmail=false" we get the recovery token along with the resetPasswordUrl:
    {
      "resetPasswordUrl": "comenitysandbox - Sign In"
    }
  2. Following the "Okta email (magic link/OTP) integration guide" document on Okta Developer.
  3. As the doc says "Parse the recovery token from the URL and send it using your infrastructure", I am sending this recovery token to the localhost API "/reset-password", where the recovery_token is required as a query param.
  4. Getting an exception when internally it hits "https://comenitysandbox.oktapreview.com/oauth2/default/v1/interact" (POST), saying "Error Detail: [invalid_request:The recovery token is invalid]":

URL after adding params: https://comenitysandbox.oktapreview.com/oauth2/default/v1/interact?client_id=0oa3z1jq2heYRDtmh1d7&client_secret=On0bXnNhXl5-U4zCfoJJfxatG9JX_8QExvUsXv4d&scope=openid profile offline_access&code_challenge=Qrf1GruyV6KKKgzNTwuJ34O4tSyvE5RdaOq72MKYKXQ&code_challenge_method=S256&redirect_uri=http://localhost:8080/authorization-code/callback&state=f8ab8b0d-41bd-4a9f-9f5f-d5618f6ed99a&recovery_token=drpHe43Tbx49Cd-9OGmN

Why is it saying the token is invalid? What am I missing here?

Hello,

In OIE you must exchange the recoveryToken for a stateToken using the Verify Recovery Token API (POST /api/v1/authn/recovery/token), providing the recoveryToken in the body. The response contains a stateToken, which you can initialize the widget with to continue the recovery flow.
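The exchange the answer describes, as an added example that is not part of this thread (not Okta's code or the poster's): it parses the recovery token out of resetPasswordUrl, POSTs it in the JSON body of /api/v1/authn/recovery/token and returns the stateToken. The placeholder org domain, the URL shape https://<org>/signin/reset-password/<token>, and the injectable `send` transport (so it runs offline) are assumptions.

```python
"""Exchange an Okta recovery token for a stateToken (OIE recovery flow).

Example code added to this thread; assumes a placeholder org domain, the
documented resetPasswordUrl shape https://<org>/signin/reset-password/<token>,
and an injectable transport so the flow can be exercised without network.
"""
import json
from urllib.parse import urlparse
from urllib.request import Request, urlopen

ORG = "https://example.oktapreview.com"  # placeholder, not the poster's org
RESET_PREFIX = "/signin/reset-password/"


def parse_recovery_token(reset_password_url: str) -> str:
    """Return the recovery token, i.e. the last path segment of resetPasswordUrl."""
    path = urlparse(reset_password_url).path.rstrip("/")
    if not path.startswith(RESET_PREFIX):
        raise ValueError("not a reset-password URL")
    token = path[len(RESET_PREFIX):]
    if not token or "/" in token:
        raise ValueError("recovery token missing from URL")
    return token


def build_verify_request(org: str, recovery_token: str) -> Request:
    """POST /api/v1/authn/recovery/token with the token in the JSON body.

    The token goes in the body, not in a query string (query strings are
    written to proxy and server logs), and never into the /interact call."""
    body = json.dumps({"recoveryToken": recovery_token}).encode()
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    return Request(f"{org}/api/v1/authn/recovery/token", data=body,
                   headers=headers, method="POST")


def state_token_from_response(raw: bytes) -> str:
    """Pull stateToken out of the authn response; surface Okta's errorSummary otherwise."""
    resp = json.loads(raw)
    if "stateToken" not in resp:
        raise RuntimeError(resp.get("errorSummary", "no stateToken in response"))
    return resp["stateToken"]


def exchange_recovery_token(reset_password_url: str, org: str = ORG, send=None) -> str:
    """Full flow: parse the token, verify it with Okta, return the stateToken.

    `send` maps a Request to response bytes; defaults to a real HTTPS call."""
    send = send or (lambda req: urlopen(req).read())
    req = build_verify_request(org, parse_recovery_token(reset_password_url))
    return state_token_from_response(send(req))
```

The returned stateToken is what the Sign-In Widget is initialised with; the recovery token itself is single-use and should not be forwarded anywhere else.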