Is there a way to require a user to verify their password for email / password connections? Stripe has a good example of this. If you attempt to make a destructive action like editing a product, deleting a customer, etc., you have to confirm your password, essentially log in again, before doing so. Is there a way to achieve this with Auth0? If a user is already logged in and we push them to the universal login, they’ll be immediately redirected back to us because they never logged out.
It sounds to me like you are looking to perform Step-Up Authentication for your application.
Step-Up Authentication is a way of asking the user to authenticate again to gain access to specific resources and access control. Then after authenticating they can proceed with these actions.
Hmmm almost, but not quite. Thanks for the resource though, I didn’t know this was a feature. From my understanding, Step-Up Authentication requires a separate authentication method (e.g. SMS, rotating code, etc.). We really just want the user to authenticate again to confirm they want the action to proceed, especially when it’s a potentially destructive action.
Ah perfect, I just stumbled over this also. I think we can make something work with this. It’s a little unfortunate that once the user lands on this page they can actually enter any username / password and also still have the option of creating an account. Maybe there are ways around this using the new universal login experience and hiding some options?
Otherwise I guess we can always verify the users are the same when they return, it’s just a little bit of a funky user experience.
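The same-user check mentioned in the last post, sketched as an added example that is not part of the original thread and is not Auth0 SDK code. It assumes the returned ID token was already signature-validated by an OIDC library and carries the standard OIDC `auth_time` and `nonce` claims; the function name, the `pending` session record and all sample values are hypothetical.

```javascript
// Added example: hypothetical helper, not Auth0 SDK code.
// Assumes `claims` is the decoded payload of an ID token whose signature,
// issuer and audience were already verified by an OIDC library.
const CLOCK_SKEW_SECONDS = 60;

// `pending` is what the app stored in its session before redirecting:
//   sub         - user id of the session that asked for the destructive action
//   nonce       - random value sent with the authorization request
//   requestedAt - Unix seconds when confirmation was requested
function checkReauthentication(pending, claims, nowSeconds, maxAgeSeconds) {
  if (!pending || !claims) {
    return { ok: false, reason: "missing_state" };
  }
  if (typeof claims.nonce !== "string" || claims.nonce !== pending.nonce) {
    return { ok: false, reason: "nonce_mismatch" };
  }
  // The login page accepts any credentials (or a new sign-up), so the
  // returning identity must match the one that started the action.
  if (typeof claims.sub !== "string" || claims.sub !== pending.sub) {
    return { ok: false, reason: "different_user" };
  }
  // auth_time: when the user last actually entered credentials.
  if (!Number.isInteger(claims.auth_time)) {
    return { ok: false, reason: "no_auth_time" };
  }
  if (claims.auth_time > nowSeconds + CLOCK_SKEW_SECONDS) {
    return { ok: false, reason: "auth_time_in_future" };
  }
  // A login that predates the request is the old session being reused,
  // not a fresh password confirmation.
  if (claims.auth_time < pending.requestedAt - CLOCK_SKEW_SECONDS) {
    return { ok: false, reason: "stale_login" };
  }
  if (nowSeconds - claims.auth_time > maxAgeSeconds) {
    return { ok: false, reason: "confirmation_expired" };
  }
  return { ok: true, reason: "confirmed" };
}

// Constructed sample values.
const pending = { sub: "auth0|user-a", nonce: "n-123", requestedAt: 1700000000 };
const sameUser = { sub: "auth0|user-a", nonce: "n-123", auth_time: 1700000020 };
const otherUser = { sub: "auth0|user-b", nonce: "n-123", auth_time: 1700000020 };
const ssoReuse = { sub: "auth0|user-a", nonce: "n-123", auth_time: 1699990000 };
for (const claims of [sameUser, otherUser, ssoReuse]) {
  console.log(checkReauthentication(pending, claims, 1700000030, 300).reason);
}
```

Run the check server-side at the moment the destructive action is executed, and clear the pending record afterwards so one confirmation cannot be replayed for a second action.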