We want to use either the authentication or management API to update a users password
Preferably the mananagement api, so we can call it from our back end.
However, we dont want other people to be able to go to another users computer when they are already logged in and change the password without confirming with the old password.
We could solve this by chaining a login request with an update password request from our backend.
However I don’t se any way to verify password+email using the management api?
We could redirect the user back to the webpage, however we dont want to store the users new password in the redirect URL or in the cache of security reasons.