Is there any endpoint that checks if I can use the new password before updating the user's password?

Hi everyone, I am using the following flow to change or reset the password: https://auth0.com/docs/authenticate/database-connections/password-change#directly-set-the-new-password. I also have the Password History option enabled.

However, before updating the password, I would like to check whether the new password can be used (depending on the Password History) without updating the user’s password. So my question is: is there any endpoint in the Management API or Authentication API that checks if I can use the password? Or is the only way to call the endpoint that updates the user password (described at https://auth0.com/docs/authenticate/database-connections/password-change#directly-set-the-new-password)?

Thank you,

Hi @omar.camacho

If you have the Password History option enabled in your database connection, you don’t need to check if you can use the new password before making the Management API request.

You will receive a 400 response from Auth0 if the password you are trying to use already exists in the user’s password history.

For example, the API response will look something like:

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "PasswordHistoryError: Password has previously been used"
}

You can test out the Management API endpoint here: Auth0 Management API v2

Hope this helps!


Thanks a lot for your help @gparascandolo,

I understand that this endpoint validates and updates the user’s password. The implementation I must do is to first validate whether I can use the password before the call to update the user’s password; this is at the request of the client I work with.

I really appreciate your help!

Hi @gparascandolo,

As I mentioned before, the implementation I must do is to first validate whether I can use the password before calling the endpoint to update the user’s password; this is at the request of the client I work with. Could you please help me by indicating if there is any endpoint in the Management API or Authentication API that checks if I can use the new password?

Thanks a lot again, I really appreciate your help!

Hi @omar.camacho, hopefully someone from Auth0 can come and confirm, but I don’t believe there is an API endpoint like this. I suspect this is for security reasons.

You can put in a feature request in this forum to ask Auth0 to add this functionality for your needs.

Thanks a lot for your help @gparascandolo, I will see how to change the flow to use only the endpoint to update the user’s password that they offer.
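
An added example, not part of any post in this thread and not Auth0's own code: because the history check only runs inside the update call, the caller can treat the 400 `PasswordHistoryError` reply shown above as the validation result. It assumes the Management API `PATCH /api/v2/users/{id}` call from the linked doc; the function names, outcome labels, and the `opener` parameter are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample: the 400 body quoted in the answer above.
SAMPLE_HISTORY_REPLY = json.dumps({
    "statusCode": 400,
    "error": "Bad Request",
    "message": "PasswordHistoryError: Password has previously been used",
})


def classify_password_update(status, body):
    """Map the update endpoint's reply to an outcome the caller can act on."""
    if 200 <= status < 300:
        return "updated"
    try:
        message = str(json.loads(body).get("message", ""))
    except (ValueError, AttributeError):
        message = ""  # non-JSON or unexpected shape: fall through to generic handling
    if status == 400 and message.startswith("PasswordHistoryError"):
        return "reused"    # in the user's history; the request was refused
    if status == 400:
        return "rejected"  # some other validation failure on the request
    return "error"         # 401/403/429/5xx: not a verdict on the password itself


def set_password(domain, mgmt_token, user_id, connection, new_password,
                 opener=urllib.request.urlopen):
    """PATCH the new password; the update call is also the history check."""
    # IDs such as "auth0|abc" contain "|", which must be percent-encoded in the path.
    url = f"https://{domain}/api/v2/users/{urllib.parse.quote(user_id, safe='')}"
    payload = json.dumps({"password": new_password, "connection": connection})
    req = urllib.request.Request(
        url, data=payload.encode(), method="PATCH",
        headers={"Authorization": f"Bearer {mgmt_token}",
                 "Content-Type": "application/json"})
    try:
        with opener(req) as resp:
            return classify_password_update(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the JSON error body is still readable.
        return classify_password_update(err.code, err.read().decode())


if __name__ == "__main__":
    print(classify_password_update(400, SAMPLE_HISTORY_REPLY))
```

Keeping "reused" separate from "error" lets the UI ask for a different password only when the password was the problem, and keeps the new password out of logs on other failures.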
