Unable to validate recovery token

Hi All,

I’m trying to validate recovery token through /api/v1/authn/recovery/token. However, request keeps getting rejected and returns this response:

“errorCode”: “E0000079”,
“errorSummary”: “This operation is not allowed in the current authentication state.”,
“errorLink”: “E0000079”,
“errorId”: “oaefY5RhfksfaO81wUS43A”,
“errorCauses”: [
“errorSummary”: “This operation is not allowed in the current authentication state.”

Note that I provide a valid recovery token that’s retrieved from forgot_password response: /api/v1/users/0xxxxxxxxxxxx7/credentials/forgot_password?sendEmail=false

Any thoughts on what’s causing recovery/token to fail?


Can you provide the Okta Request id for one of these failed attempts. It would be returned in the HTTP headers x-okta-request-id.

If not are you able to provide your Okta Org you are testing in?

Thank You,

I just figured that The /api/v1/authn/recovery/token API works in conjunction with the /api/v1/authn/recovery/password API. So, token will not be validated if it’s retrieved from forgot_password URL





does work in my Org, but if you have a working solution that is great.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.