I have encountered this error and managed to work out the following steps to get things working.
FWIW I think this issue is the same as https://fusionauth.io/community/forum/topic/1098/registration-question-sendsetpassword-flow/7
I get the above error using the default Setup Password template, which contains a link with the template http://localhost:9011/password/change/${changePasswordId}?client_id=${(application.oauthConfiguration.clientId)!''}&tenantId=${user.tenantId}
If I add redirect_uri=http://localhost:3000 then I end up being redirected to http://localhost:3000?error=invalid_request&error_reason=missing_response_type&error_description=The+request+is+missing+a+required+parameter:+response_type without ever setting a password.
Once I add response_type=code I am able to set the password.
It looks like the /password/change endpoint actually jumps into the OIDC/OAuth flow after the password is set, and my redirect URL gets a code (which I assume can be exchanged for a token). However, as I am using ASP.NET 5 & the OpenIdConnect extensions, the state parameter contains encrypted data that must be supplied, so I have found it best to ignore the code and simply trigger the OIDC challenge, which causes a redirect back to FusionAuth (with the required state), which immediately redirects back to my API (as there is an open SSO session), and my login is complete.
It would be good if there was some documentation about the /password/change endpoint.
(I would also be open to suggestions about how I can clean up the redirect magic I need to do to get this all working with ASP.NET, but I realise that is probably out of scope of this question!)
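
The landing step described in the post, as an added example that is not the poster's code and not from FusionAuth: a controller action receives the redirect after the password is set, leaves the unsolicited `code` unredeemed (the application never issued a `state` for it), and starts a normal OIDC challenge instead. The route `/password-setup-complete`, the class names, the client id/secret placeholders, and the use of the FusionAuth base URL as `Authority` are assumptions; the route would have to be the `redirect_uri` placed in the email link.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class AuthSetup
{
    // Hypothetical helper: call from Startup.ConfigureServices.
    public static void AddFusionAuthLogin(this IServiceCollection services)
    {
        services.AddAuthentication(o =>
            {
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(o =>
            {
                o.Authority = "http://localhost:9011"; // FusionAuth host from the post (assumed authority)
                o.RequireHttpsMetadata = false;        // local development over http only
                o.ClientId = "<client-id>";            // placeholder
                o.ClientSecret = "<client-secret>";    // placeholder
                o.ResponseType = "code";
            });
    }
}

public class PasswordSetupController : Controller
{
    // Hypothetical landing route; use it as redirect_uri in the Setup Password link.
    [HttpGet("/password-setup-complete")]
    public IActionResult Complete(string code, string error)
    {
        // FusionAuth reports problems (e.g. missing response_type) as query parameters.
        if (!string.IsNullOrEmpty(error))
            return BadRequest("Password setup did not complete.");

        // 'code' is deliberately not exchanged: it arrived without a state value
        // generated by this application, so it is not tied to this browser session.
        // The challenge starts a fresh flow with state/nonce created by the handler;
        // an open SSO session at FusionAuth completes it without another prompt.
        return Challenge(
            new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectDefaults.AuthenticationScheme);
    }
}
```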