Is there any way to create a section in my application which request a user his current password, checks if it is valid and if so changes the password to the new password which has been supplied?
Hi @ixrijde
Welcome to the Auth0 Community!
There are a few approaches you can take while developing such a feature for your application, depending on how much you want to use Auth0’s built-in features in the flow.
- User change password in the Universal Login:
- Authentication API → https://auth0.com/docs/authenticate/database-connections/password-change#authentication-api
If your application uses an interactive password reset flow through the Authentication API, make a
POSTcall. In the
Create a password change ticket for a given user. A password change ticket is a generated URL that the user can consume to start a reset password flow.
Note: This endpoint does not verify the given user’s identity. If you call this endpoint within your application, you must design your application to verify the user’s identity.
For both solutions, the user will be transferred to the Universal Login, where he can change the password. You can also utilize the Actions to enhance this flow further.
- The user changes the password in your application
If you want your users to change their password inside your application, you will need to utilize the Management API to update the password → https://auth0.com/docs/authenticate/database-connections/password-change#directly-set-the-new-password. Out of the box we don’t offer endpoint for password validation, but the generally good approach here would be to force user to re-authenticate before accepting the password for change from your system.
curl --request PATCH \
--url 'https://{yourDomain}/api/v2/users/%7BuserId%7D' \
--header 'authorization: Bearer {yourMgmtApiAccessToken}' \
--header 'content-type: application/json' \
--data '{"password": "newPassword","connection": "connectionName"}'
Thanks
Dawid