Feature: A change password flow that requires the current password as a factor.
Description: Looking for a way to implement a change password flow in a web app, browser that allows users to change their current password. Would like to require that in order to change the password users must provide the existing password as a factor.
Use-case: Given someone with access to a users existing authenticated session, and their email. Using the current password reset flow within Auth0, they would be able to change a users password. If the password reset flow required providing the current password, changing password would not be possible. This feature was a recommended requirement from a security audit as additional control to increase effectiveness of the authentication system.