0

We're trying to use the JS widget to enable change password (password's not expired, just changing it). The REST API requires a stateToken but I can't see any way to create/generate a state token.

We've got the widget working for other scenarios but just not this one.

martin samm

1 Answer

0

Are you trying to use the /authn/credentials/change_password endpoint? That one does require a stateToken, but it's only available in the authn flow (when the status is PASSWORD_EXPIRED).

If you're trying to change a password after the user has logged in and you've converted your sessionToken to a session cookie, you can use the /users API:

/users/:id/credentials/change_password

Documentation for that endpoint is here: http://developer.okta.com/docs/api/resources/users.html#change-password

remanc
  • Excellent. Thanks for that. How do I exchange the sessionToken for a session cookie? – martin samm Sep 21 '16 at 03:09
  • There's some good documentation about this - i.e. depends on what you want to do: http://developer.okta.com/docs/api/resources/sessions.html ; The easiest is using the sessionRedirect link option: http://developer.okta.com/use_cases/authentication/session_cookie#retrieving-a-session-cookie-by-visiting-a-session-redirect-link – remanc Sep 21 '16 at 16:49
  • But, if you want to exchange it in a SPA (i.e. no redirects), you can do what the Sign-In widget does by using the openId flow in an iframe: http://developer.okta.com/use_cases/authentication/session_cookie#retrieving-a-session-cookie-via-openid-connect-authorization-endpoint – remanc Sep 21 '16 at 16:52
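
The call to /users/:id/credentials/change_password described in the answer, sketched as an added example that is not part of the original posts and is not Okta's own code. It assumes the browser already holds the Okta session cookie, that the calling origin is allowed to make CORS requests to the org, and that user ids are opaque alphanumeric strings; the function names, org URL and id are constructed for illustration.

```javascript
// Added example. Assumptions: session cookie already set for the Okta org,
// CORS allowed for this origin, user ids are opaque alphanumeric strings.
function buildChangePasswordRequest(orgUrl, userId, oldPassword, newPassword) {
  const base = new URL(orgUrl);
  if (base.protocol !== 'https:') {
    throw new Error('refusing to send passwords over a non-HTTPS URL');
  }
  // Reject anything that could reshape the request path ("..", "/", "?", ...).
  if (!/^[A-Za-z0-9]+$/.test(String(userId))) {
    throw new Error('unexpected characters in user id');
  }
  if (!oldPassword || !newPassword) {
    throw new Error('both the current and the new password are required');
  }
  if (oldPassword === newPassword) {
    throw new Error('new password must differ from the current one');
  }
  const path = '/api/v1/users/' + userId + '/credentials/change_password';
  return {
    url: new URL(path, base.origin).toString(),
    init: {
      method: 'POST',
      credentials: 'include', // authenticate with the session cookie, no API token in the browser
      headers: { 'Accept': 'application/json', 'Content-Type': 'application/json' },
      // The endpoint re-verifies the current password before setting the new one.
      body: JSON.stringify({
        oldPassword: { value: oldPassword },
        newPassword: { value: newPassword },
      }),
    },
  };
}

// fetchImpl is injectable so the call can be exercised without a network.
async function changePassword(orgUrl, userId, oldPassword, newPassword, fetchImpl = fetch) {
  const { url, init } = buildChangePasswordRequest(orgUrl, userId, oldPassword, newPassword);
  const res = await fetchImpl(url, init);
  if (!res.ok) {
    // Okta error bodies carry an errorSummary field; report it, never the passwords.
    const err = await res.json().catch(() => ({}));
    throw new Error('change_password failed (' + res.status + '): ' +
                    (err.errorSummary || 'no error summary returned'));
  }
  return res.json(); // the user's updated credentials object
}
```

No stateToken appears anywhere in this request; authentication comes from the session cookie sent by `credentials: 'include'`.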