Using command line to change user password

I wanted to change user’s password or get user details from command line.Is there a way to do it.

Hi @Santosh008

We don’t have an official PowerShell SDK for changing a user’s password, however you can check this PowerShell module which covers most of the API use-cases.

If you are trying to change via Terminal, please check the cURL example available here.

1 Like

Thanks for the help @dragos.

@dragos Is there an API to create or generate an api token and get it? (Not the U.I. approach of creating it through the console) ?

Hi @Santosh008

There is no API currently available to generate API tokens. You can check out “OAuth 2.0 Consent for API Access Management” feature which can use bearer tokens instead of API tokens.

If you don’t have the feature enabled, please feel free to send an email to support@okta.com and request OAUTH2_FOR_OKTA_API feature.

1 Like

Hi @dragos

So actually I wanted to change the password of an Okta User via an API request. I am able to do it using the API Token which I am generating in the Developer console. But I don’t want to access any consoles. Can I do that by using API calls only?

But for the user password change API, I require the API Token which I can’t generate using API request. Can I change the user’s password using some other tokens? I have explored the documentations but I am not able to find anything. Please help me in this regard.

I found this Authentication API {{url}}/api/v1/authn/credentials/change_password
and {{url}}/api/v1/authn/credentials/reset_password
for changing or resetting the password but they need State Token , which I am not able to find how to get/create.

Hi @Santosh008

Once you have the feature mentioned previously, navigate to your OIDC app in your administrative panel and you should have a new tab “Okta API Scopes”. Please enable “okta.users.manage”.

Once this is done, you will need to request new access tokens with an endpoint like the following

https://yourOktaOrg.okta.com/oauth2/v1/authorize?response_type=code&client_id=CLIENT_ID_HERE&redirect_uri=https://site.com/callback&state=abc&scope=openid%20okta.users.manage&nonce=abc

You will receive an access token that has the scope “okta.users.manage”. With this access token, you can call the change password API, for example

curl -X PUT \
  https://yourOktaOrg.okta.com/api/v1/users/00ueay8jcd5kkMWs20h7 \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer ACCESS_TOKEN_HERE' \
  -H 'Content-Type: application/json' \
  -d '{
  "credentials": {
    "password" : { "value": "new_user_password_here" }
  }
}'

You can find out more details about OAuth for Okta feature here.

HI @dragos,

Above API does not verify the users current password before setting up the new password.

is there a way using the end user bearer token we can verify the users current password & then set a new password ?

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.