I wanted to know if it is possible to add current password field to the Password Reset page.
Right now there are two fields :
- New password
- Confirm Password
Is this a simple customization of the password reset page?
Or should I use Management API’s to achieve this with a custom password reset page ?
This does not seem to be an option for the hosted password reset page at this time. It looks like it has been discussed, but can’t confirm if/when this would happen.
Sorry for any inconvenience. Feel free to leave us some feedback if this is something you would be interested in. We use this info to gauge customer demand.
Current password on a password reset request doesn’t make much sense (you’ve forgotten your password after all!) but a flow to change the password where you do know the existing definitely would be nice.
Is there an API endpoint to validate current password ?
Not explicitly for the purpose you are describing. With that being said, you could workaround this by using the resource owner password grant. Hitting this info with the correct credentials will return a token, which you could check for as validation.
Be sure to look at the recommendations for implementing this grant securely.
Let me know if this helps,
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.