My company would like to implement password reauthentication for our Angular application. We are using Username-Password Database authentication. Our use case is as follows:
- User navigates to Page with sensitive information.
- User clicks on button to view sensitive information.
- Modal pops up and User enters password and clicks “Authenticate.”
- Modal has a loading icon indicating reauthorization in progress. Upon successful authorization, modal disappears and the sensitive information appears on the Page.
As you can see, I would like to have the User stay on the same page during the reauthorization process. The issue I’m running into is that a callback URL is required for an authorize call. As a SPA, redirecting back would require reloading the app. Using nonces, I was able to redirect to our callback component and parse out from the authResult’s state the URL of the Page and navigate back to the page. However, this is a bad user experience.
In addition, I don’t see where I can pass the password to a reauthorization endpoint and trigger user verification.
The original posters on these two topics detail almost exactly what I need to do. However, I had no luck in implementing their answers. The Auth0.js version 9+ authorize() method does not take a “prompt” or a “maxAge” option, at least for our version.
Is there any way for me to do what I described above?
Thanks in advance.
Edit: I’m looking at this: https://auth0.com/docs/api-auth/tutorials/password-grant
Would this be a solution to my use case?