FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    TrustTokenRequired on change-password when MFA not enabled

    Scheduled Pinned Locked Moved Unsolved
    Q&A
    1
    2
    336
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stephen.saucier 0
      last edited by

      Using the change-password endpoint with a changePasswordId included from a login request (the user is marked as having to change his password on next login), we're getting a TrustTokenRequired response instead of a 200 success:

      {"generalErrors": [{"code": "[TrustTokenRequired]", "message": "This request requires a Trust Token. Use the Start Two-Factor API to obtain a Trust Token required to complete this request."}]}

      Multi-factor is not enabled for this user, so this response doesn't seem to make sense.

      Screen Shot 2022-02-24 at 14.47.58.png

      Am I missing a setting somewhere or something else, or is this a bug?

      S 1 Reply Last reply Reply Quote 0
      • S
        stephen.saucier 0 @stephen.saucier 0
        last edited by stephen.saucier 0

        When I changed the user's password manually in FA (change on next login was still enabled), it then allowed the password to be changed properly via the API without any Trust Token.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post