User Password change by themselves

I’m considering about the case where the user changes their own password.
I understand that there are two methods:
1.using a password reset
2.using the Management API to specify the user and update the password as part of the user attributes.

For the latter case No 2,
I understand that a Client Credential authentication token is required to use the Management API, but I believe this token grants permission to change passwords for all of the users other than the one performing the operation.

Therefore, when considering security attacks etc, I think it would be preferable to use the password reset method. Is that correct understanding?

Correct :sunglasses:


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.