I’m considering about the case where the user changes their own password.
I understand that there are two methods:
1.using a password reset
2.using the Management API to specify the user and update the password as part of the user attributes.
For the latter case No 2,
I understand that a Client Credential authentication token is required to use the Management API, but I believe this token grants permission to change passwords for all of the users other than the one performing the operation.
Therefore, when considering security attacks etc, I think it would be preferable to use the password reset method. Is that correct understanding?