In my implementation i have some scenarios that in order for my user to perform certain actions they need to first re-enter their password for validation (i.e delete profile, deactivate etc).
How can i compare the password hash that i will be getting from the user’s input against the one that auth0 has? (Assuming all the users use username-password connection)
Password hashes aren’t generally available (they can be exported, but require a support request), and we don’t suggest handling passwords unless absolutely necessary.
For the scenario you describe, I would suggest taking a look at Add Step-up Authentication. This is the out-of-the-box way to handle this type of flow.
If you absolutely must send a password to Auth0 for comparison, you could use the Resource Owner Password Flow, but this isn’t something I would recommend.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.