Google Identity Toolkit - Password Reset flow is b

Posted 2019-08-18 14:07

Question:

I have been using Google Identity Toolkit (for web) on my site for more than 2 years. Recently I found that the password reset flow is broken. When I try to "Forgot Password", check the recaptcha checkbox and click Continue, I get an error "Request failed. Please try again."

In the console I see this:

[ 28.949s] [identitytoolkit] Error: Invalid JSON string: Password reset email sent successfully.
     Gj @   gitkit.js:254
Ej.addLogRecord @   gitkit.js:254
Zi.log  @   gitkit.js:237
R   @   gitkit.js:254
(anonymous) @   gitkit.js:255
Yc  @   gitkit.js:44
g.dispatchEvent @   gitkit.js:42
tj  @   gitkit.js:247
lj.onReadyStateChangeEntryPoint_    @   gitkit.js:245
lj.onReadyStateChange_  @   gitkit.js:245
XMLHttpRequest.send (async)     
lj.send @   gitkit.js:242
Mj  @   gitkit.js:255
Lj.requestRpEndpoint    @   gitkit.js:256
g.requestRpEndpoint @   gitkit.js:259
(anonymous) @   gitkit.js:4
N   @   gitkit.js:190
Fh  @   gitkit.js:190
Sm  @   gitkit.js:334
(anonymous) @   gitkit.js:335
(anonymous) @   gitkit.js:80
(anonymous) @   gitkit.js:77
Yc  @   gitkit.js:44
g.dispatchEvent @   gitkit.js:42
fd  @   gitkit.js:47
ed.handleClick_ @   gitkit.js:47
Uc  @   gitkit.js:39
Rc  @   gitkit.js:41
Pc.b    @   gitkit.js:37

Even though the error says "email sent successfully", it's not sent. I do not know how long it has been broken for. I only found it yesterday.

I'm using this script:

https://www.gstatic.com/authtoolkit/js/gitkit.js on my web site.

I hope someone from the Google Identity Toolkit team can help on this.

UPDATE 1:

Server side code:

OobResponse oobResponse = gitkitClient.getOobResponse(request);
OobAction oobAction = oobResponse.getOobAction();

// For DEBUG
logger.info("oobAction : " + oobAction);
String action = request.getParameter("action");
logger.info("action : " + action); // returns null
logger.info("response: " + request.getParameter("response")); // returns a long string
logger.info("responseBody : " + oobResponse.getResponseBody()); // returns {"error": "CAPTCHA_CHECK_FAILED" }
logger.info("email : " + oobResponse.getEmail()); // returns null

// If reset password
if (OobAction.RESET_PASSWORD.equals(oobAction)) {
    Optional<String> forgotPasswordLinkOpt = oobResponse.getOobUrl();               
    String passwordResetLink = forgotPasswordLinkOpt.get();

    sendMailService.sendPasswordResetEmail(oobResponse.getEmail(), passwordResetLink);

    return(oobResponse.getResponseBody());              
}   

The oobAction is coming out to be null and therefore the link is not being sent. But action has a value of resetPassword. 'responseBody' is returning {"error": "CAPTCHA_CHECK_FAILED" }. Do I need to do some configuration for the recaptcha string at my end?

I'm using v1.2.7 of gitkitclient from the Maven repo:

https://mvnrepository.com/artifact/com.google.identitytoolkit/gitkitclient
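
A fail-closed version of the handler logic shown in the question, as an added example (not code from the post or from gitkitclient). `Oob` and `Mailer` are hypothetical stand-ins for `OobResponse` and the poster's `sendMailService`; the fallback error string, the success body and the sample URL and address are constructed. It assumes, from the console error above, that the widget parses the endpoint's reply as JSON.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

public class OobHandlerSketch {
    // Hypothetical stand-in for the four OobResponse getters used in the question.
    record Oob(String action, Optional<String> oobUrl, String email, String responseBody) {}

    interface Mailer { void sendPasswordResetEmail(String to, String link); }

    // Returns the body to write back to the widget. Mail goes out only when the
    // action, link and address are all present and the body carries no error.
    static String handle(Oob oob, Mailer mailer) {
        String body = oob.responseBody();
        // Crude error check for the sketch; a real handler would parse the JSON.
        boolean failed = body == null || body.contains("\"error\"");
        if (failed || !"RESET_PASSWORD".equals(oob.action())
                || oob.oobUrl().isEmpty() || oob.email() == null) {
            // Fail closed: no mail is sent, and the widget still receives JSON.
            return body != null ? body : "{\"error\": \"OOB_REQUEST_FAILED\"}"; // constructed fallback
        }
        mailer.sendPasswordResetEmail(oob.email(), oob.oobUrl().get());
        return body; // the toolkit's JSON, never a plain-text status message
    }

    public static void main(String[] args) {
        List<String> sent = new ArrayList<>();
        // Record the recipient only; the reset link is a credential and stays out of logs.
        Mailer mailer = (to, link) -> sent.add(to);

        // Constructed input mirroring the failure logged in the question.
        Oob captchaFailed = new Oob(null, Optional.empty(), null,
                "{\"error\": \"CAPTCHA_CHECK_FAILED\" }");
        // Constructed success case; URL, address and body are placeholders.
        Oob ok = new Oob("RESET_PASSWORD",
                Optional.of("https://rp.example/reset?oobCode=PLACEHOLDER"),
                "user@example.com", "{\"success\": true}");

        System.out.println(handle(captchaFailed, mailer) + " mails=" + sent.size());
        System.out.println(handle(ok, mailer) + " mails=" + sent.size());
    }
}
```

The same guard applies to the debug logging in the question: the `response` parameter and the reset link are better left out of application logs once troubleshooting is finished.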

Answer 1:

The issue was fixed by the Google team on the backend without any change from my end. See comments on the original issue for details.