Change password validation

Hi @alex.moss2516,

Found this community thread while I was searching for something else. While Auth0 does not expose the user’s password, you may use the Resource Owner Password Grant to verify the user’s password for sensitive tasks.

The actual usage of the password grant is to obtain an access token for the user. However, you can send the incoming user’s password to the /oauth/token endpoint, and if you get back a token, that means the entered password is correct.

Please note that the Resource Owner Password Grant requires you to send the client_secret along with the request sent to the /oauth/token endpoint, which means you have to use a secure application, such as a backend application, to use this grant.

Further reading:
https://auth0.com/docs/api-auth/tutorials/password-grant
https://auth0.com/docs/api/authentication#resource-owner-password

2 Likes
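A backend-side sketch of the check described in the reply above, added here as an example; it is not part of the original post and not Auth0's own code. The function names, the tenant domain passed in, and the injectable `post` transport are hypothetical, and it assumes rejected credentials come back with the OAuth 2.0 `invalid_grant` error code defined in RFC 6749.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


def _post_form(url, fields):
    """Default transport: POST form fields, return (status, parsed JSON body)."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        # 4xx/5xx responses still carry a JSON error body
        return err.code, json.loads(err.read() or b"{}")


def password_is_correct(domain, client_id, client_secret, username, password,
                        post=_post_form):
    """Re-check a user's password with the Resource Owner Password Grant.

    Must run on a backend: client_secret is sent with every request.
    """
    status, body = post(f"https://{domain}/oauth/token", {
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    if status == 200 and "access_token" in body:
        # A token was issued, so the password matched. The token itself is
        # not needed for this check: do not store or log it.
        return True
    if body.get("error") == "invalid_grant":
        return False  # credentials rejected
    # Anything else (rate limiting, grant not enabled, outage) is not a
    # verdict on the password, so fail closed instead of guessing.
    raise RuntimeError(
        f"cannot verify password: HTTP {status} {body.get('error')}")
```

Raising on every response that is neither a token nor `invalid_grant` keeps a misconfigured client or a rate-limited request from being read as "wrong password" or, worse, as success.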